UCF STIG Viewer Logo

The EDB Postgres Advanced Server must generate audit records when privileges/permissions are retrieved.


Overview

Finding ID Version Rule ID IA Controls Severity
V-68887 PPS9-00-001200 SV-83491r1_rule Medium
Description
Under some circumstances, it may be useful to monitor who/what is reading privilege/permission/role information. Therefore, it must be possible to configure auditing to do this. DBMSs typically make such information available through views or functions. This requirement addresses explicit requests for privilege/permission/role membership information. It does not refer to the implicit retrieval of privileges/permissions/role memberships that the DBMS continually performs to determine if any and every action on the database is permitted.
STIG Date
EDB Postgres Advanced Server Security Technical Implementation Guide 2016-08-19

Details

Check Text ( C-69357r1_chk )
Execute the following SQL as enterprisedb:

SHOW edb_audit_statement;

If the result is not "all", this is a finding.
Fix Text (F-75069r1_fix)
Execute the following SQL as enterprisedb:

ALTER SYSTEM SET edb_audit_statement = 'all';
SELECT pg_reload_conf();