STIGQter: STIG Summary: VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

In the event of a system failure, the vROps PostgreSQL DB must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.

DISA Rule

SV-98921r1_rule

Vulnerability Number

V-88271

Group Title

SRG-APP-000226-DB-000147

Rule Version

VROM-PG-000255

Severity

CAT II

CCI(s)

CCI-001665 - The information system preserves organization-defined system state information in the event of a system failure.

Weight

Fix Recommendation

At the command prompt, execute the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET <name> TO 'on';"
# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();"

Note: Substitute <name> with the incorrectly set parameter.

Check Contents

At the command prompt, execute the following command:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT name, setting FROM pg_settings WHERE name IN ('fsync','full_page_writes','synchronous_commit');"

If "fsync", "full_page_writes", and "synchronous_commit" are not set to "on", this is a finding.

The command should return the below lines:
name | setting
---------------------------+---------
fsync | on
full_page_writes | on
synchronous_commit | on
(3 rows)

In the event of a system failure, the vROps PostgreSQL DB must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments