Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-233548 | CD12-00-004150 | SV-233548r961470_rule | Medium |
Description |
---|
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats. |
STIG | Date |
---|---|
Crunchy Data PostgreSQL Security Technical Implementation Guide | 2024-06-12 |
Check Text ( C-36742r606867_chk ) |
---|
As the database administrator, run the following SQL: $ psql -c "SHOW port" If the currently defined port configuration is deemed prohibited, this is a finding. |
Fix Text (F-36707r606868_fix) |
---|
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER. To change the listening port of the database, as the database administrator, change the following setting in postgresql.conf: $ sudo su - postgres $ vi $PGDATA/postgresql.conf Change the port parameter to the desired port. Next, restart the database: $ sudo systemctl restart postgresql-${PGVER?} Note: psql uses the port 5432 by default. This can be changed by specifying the port with psql or by setting the PGPORT environment variable: $ psql -p 5432 -c "SHOW port" $ export PGPORT=5432 |