UCF STIG Viewer Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful logons or connection attempts occur.


Overview

Finding ID Version Rule ID IA Controls Severity
V-69061 PPS9-00-011900 SV-83665r2_rule Medium
Description
For completeness of forensic analysis, it is necessary to track failed attempts to log on to the DBMS. While positive identification may not be possible in a case of failed authentication, as much information as possible about the incident must be captured.
STIG Date
EDB Postgres Advanced Server Security Technical Implementation Guide 2017-11-17

Details

Check Text ( C-69535r2_chk )
Execute the following SQL as enterprisedb:

SHOW edb_audit_connect;

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.
Fix Text (F-75247r2_fix)
Execute the following SQL as enterprisedb:

ALTER SYSTEM SET edb_audit_connect = 'all';
ALTER SYSTEM SET edb_audit_disconnect = 'all';
SELECT pg_reload_conf();

or

Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.