STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020: STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:SV-233606r617333_rule
V-233606
SRG-APP-000220-DB-000149
CD12-00-010600
CAT II
10
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.
As the database administrator (shown here as "postgres"), edit postgresql.conf:
$ sudo su - postgres
$ vi $PGDATA/postgresql.conf
Set the following parameters to organizational requirements:
statement_timeout = 10000 #milliseconds
tcp_keepalives_idle = 10 # seconds
tcp_keepalives_interval = 10 # seconds
tcp_keepalives_count = 10
Now, as the system administrator, restart the server with the new configuration:
$ sudo systemctl restart postgresql-${PGVER?}
As the database administrator (shown here as "postgres"), run the following SQL:
$ sudo su - postgres
$ psql -c "SHOW tcp_keepalives_idle"
$ psql -c "SHOW tcp_keepalives_interval"
$ psql -c "SHOW tcp_keepalives_count"
$ psql -c "SHOW statement_timeout"
If these settings are not set to something other than zero, this is a finding.
V-233606
False
CD12-00-010600
As the database administrator (shown here as "postgres"), run the following SQL:
$ sudo su - postgres
$ psql -c "SHOW tcp_keepalives_idle"
$ psql -c "SHOW tcp_keepalives_interval"
$ psql -c "SHOW tcp_keepalives_count"
$ psql -c "SHOW statement_timeout"
If these settings are not set to something other than zero, this is a finding.
M
5254