Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-68887 | PPS9-00-001200 | SV-83491r2_rule | Medium |
Description |
---|
Under some circumstances, it may be useful to monitor who/what is reading privilege/permission/role information. Therefore, it must be possible to configure auditing to do this. DBMSs typically make such information available through views or functions. This requirement addresses explicit requests for privilege/permission/role membership information. It does not refer to the implicit retrieval of privileges/permissions/role memberships that the DBMS continually performs to determine if any and every action on the database is permitted. |
STIG | Date |
---|---|
EDB Postgres Advanced Server Security Technical Implementation Guide | 2018-09-13 |
Check Text ( C-69357r2_chk ) |
---|
Execute the following SQL as enterprisedb: SHOW edb_audit_statement; If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding. |
Fix Text (F-75069r2_fix) |
---|
Execute the following SQL as enterprisedb: ALTER SYSTEM SET edb_audit_statement = 'all'; SELECT pg_reload_conf(); or Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement. |