STIGQter STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification.

DISA Rule

SV-83519r1_rule

Vulnerability Number

V-68915

Group Title

SRG-APP-000119-DB-000060

Rule Version

PPS9-00-002700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run these commands:

1) "chown enterprisedb <postgresql data directory>/edb_audit"

2) "chgrp enterprisedb <postgresql data directory>/edb_audit"

3) "chmod 700 <postgresql data directory>/edb_audit"

(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

Check Contents

Verify User ownership, Group ownership, and permissions on the “edb_audit” directory:
> ls –ald <postgresql data directory>/edb_audit
If the User owner is not “enterprisedb”, this is a finding
If the Group owner is not “enterprisedb”, this is a finding.
If the directory is more permissive than 700, this is a finding.

(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

Vulnerability Number

V-68915

Documentable

False

Rule Version

PPS9-00-002700

Severity Override Guidance

Verify User ownership, Group ownership, and permissions on the “edb_audit” directory:
> ls –ald <postgresql data directory>/edb_audit
If the User owner is not “enterprisedb”, this is a finding
If the Group owner is not “enterprisedb”, this is a finding.
If the directory is more permissive than 700, this is a finding.

(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

Check Content Reference

M

Target Key

2933

Comments