STIGQter STIGQter: STIG Summary: VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to the vROps PostgreSQL DB, etc.) must be restricted to authorized users.

DISA Rule

SV-98907r1_rule

Vulnerability Number

V-88257

Group Title

SRG-APP-000133-DB-000362

Rule Version

VROM-PG-000155

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

At the command prompt, execute the following command:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "REVOKE ALL PRIVILEGES FROM <user>;"

Replace <user> with the account discovered during the check.

Check Contents

At the command prompt, execute the following command:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "\du;"

If the accounts other than "postgres" and "vc" have create privileges, this is a finding.

Vulnerability Number

V-88257

Documentable

False

Rule Version

VROM-PG-000155

Severity Override Guidance

At the command prompt, execute the following command:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "\du;"

If the accounts other than "postgres" and "vc" have create privileges, this is a finding.

Check Content Reference

M

Target Key

3445

Comments