STIGQter: STIG Summary: VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The vROps PostgreSQL DB must reveal detailed error messages only to the ISSO, ISSM, SA and DBA.

DISA Rule

SV-98927r1_rule

Vulnerability Number

V-88277

Group Title

SRG-APP-000267-DB-000163

Rule Version

VROM-PG-000305

Severity

CAT II

CCI(s)

CCI-001314 - The information system reveals error messages only to organization-defined personnel or roles.

Weight

Fix Recommendation

At the command prompt, enter the following command:

chmod 640 /storage/db/vcops/vpostgres/data/serverlog

Check Contents

At the command prompt, execute the following command:

# ls -l /storage/db/vcops/vpostgres/data/serverlog

If the file permissions are more permissive than "640", this is a finding.

Vulnerability Number

V-88277

Documentable

False

Rule Version

VROM-PG-000305

Severity Override Guidance

At the command prompt, execute the following command:

# ls -l /storage/db/vcops/vpostgres/data/serverlog

If the file permissions are more permissive than "640", this is a finding.

Check Content Reference

Target Key

3445

The vROps PostgreSQL DB must reveal detailed error messages only to the ISSO, ISSM, SA and DBA.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments