STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020: STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:SV-233608r617333_rule
V-233608
SRG-APP-000096-DB-000040
CD12-00-011100
CAT II
10
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.
Logging must be enabled in order to capture timestamps. To ensure that logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging.
If logging is enabled, the following configurations must be made to log events with timestamps:
First, as the database administrator (shown here as "postgres"), edit postgresql.conf:
$ sudo su - postgres
$ vi ${PGDATA?}/postgresql.conf
Add %m to log_line_prefix to enable timestamps with milliseconds:
log_line_prefix = '< %m >'
Now, as the system administrator, reload the server with the new configuration:
$ sudo systemctl reload postgresql-${PGVER?}
As the database administrator (usually postgres), run the following SQL:
$ sudo su - postgres
$ psql -c "SHOW log_line_prefix"
If the query result does not contain "%m", this is a finding.
V-233608
False
CD12-00-011100
As the database administrator (usually postgres), run the following SQL:
$ sudo su - postgres
$ psql -c "SHOW log_line_prefix"
If the query result does not contain "%m", this is a finding.
M
5254