STIGQter: STIG Summary: VMware vSphere 6.7 PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

VMware Postgres must require authentication on all connections.

DISA Rule

SV-239204r717055_rule

Vulnerability Number

V-239204

Group Title

SRG-APP-000148-DB-000103

Rule Version

VCPG-67-000012

Severity

CAT I

CCI(s)

CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

Fix Recommendation

Navigate to and open /storage/db/pgdata/pg_hba.conf.

Find and remove the line that has a method of "trust" in the far right column.

A correct, typical line will look like the following:
# TYPE DATABASE USER ADDRESS METHOD
host all all 127.0.0.1/32 md5

Check Contents

At the command prompt, execute the following command:

# grep -v "^#" /storage/db/vpostgres/pg_hba.conf|grep -z --color=always "trust"

If any lines are returned, this is a finding.

Vulnerability Number

V-239204

Documentable

False

Rule Version

VCPG-67-000012

Severity Override Guidance

At the command prompt, execute the following command:

# grep -v "^#" /storage/db/vpostgres/pg_hba.conf|grep -z --color=always "trust"

If any lines are returned, this is a finding.

Check Content Reference

Target Key

5324

VMware Postgres must require authentication on all connections.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments