The EDB Postgres Advanced Server must generate audit records when security objects are deleted.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-69051 | PPS9-00-011400 | SV-83655r1_rule | Medium |
| Description |
|---|
| The removal of security objects from the database/DBMS would seriously degrade a system's information assurance posture. If such an event occurs, it must be logged. |
| STIG | Date |
|---|---|
| EDB Postgres Advanced Server Security Technical Implementation Guide | 2016-08-19 |
Details
| Check Text ( C-69525r1_chk ) |
|---|
| Execute the following SQL as enterprisedb: SHOW edb_audit_statement; If the result is not "all", this is a finding. |
| Fix Text (F-75237r1_fix) |
|---|
| Execute the following SQL as enterprisedb: ALTER SYSTEM SET edb_audit_statement = 'all'; SELECT pg_reload_conf(); |