STIGQter STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The EDB Postgres Advanced Server must enforce access restrictions associated with changes to the configuration of the EDB Postgres Advanced Server or database(s).

DISA Rule

SV-83609r1_rule

Vulnerability Number

V-69005

Group Title

SRG-APP-000380-DB-000360

Rule Version

PPS9-00-008500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure EDB PPAS to enforce access restrictions associated with changes to the configuration of the EDB Postgres database(s).

Check Contents

Review the security configuration of the EDB Postgres database(s).

If unauthorized users can start the SQL Server Configuration Manager or SQL Server Management Studio, this is a finding.

If EDB Postgres does not enforce access restrictions associated with changes to the configuration of the database(s), this is a finding.

- - - - -

To assist in conducting reviews of permissions, the following psql commands describe permissions of databases, schemas, and users:

\l
\dn+
\du

Permissions of concern in this respect include the following, and possibly others:

- any user with SUPERUSER privileges
- any database or schema with "C" (create) or "w" (update) privileges that are not necessary

Vulnerability Number

V-69005

Documentable

False

Rule Version

PPS9-00-008500

Severity Override Guidance

Review the security configuration of the EDB Postgres database(s).

If unauthorized users can start the SQL Server Configuration Manager or SQL Server Management Studio, this is a finding.

If EDB Postgres does not enforce access restrictions associated with changes to the configuration of the database(s), this is a finding.

- - - - -

To assist in conducting reviews of permissions, the following psql commands describe permissions of databases, schemas, and users:

\l
\dn+
\du

Permissions of concern in this respect include the following, and possibly others:

- any user with SUPERUSER privileges
- any database or schema with "C" (create) or "w" (update) privileges that are not necessary

Check Content Reference

M

Target Key

2933

Comments