UCF STIG Viewer Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful logons or connection attempts occur.


Overview

Finding ID Version Rule ID IA Controls Severity
V-213656 PPS9-00-011900 SV-213656r508024_rule Medium
Description
For completeness of forensic analysis, it is necessary to track failed attempts to log on to the DBMS. While positive identification may not be possible in a case of failed authentication, as much information as possible about the incident must be captured.
STIG Date
EDB Postgres Advanced Server Security Technical Implementation Guide 2022-06-13

Details

Check Text ( C-14878r290280_chk )
Execute the following SQL as enterprisedb:

SHOW edb_audit_connect;

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.
Fix Text (F-14876r290281_fix)
Execute the following SQL as enterprisedb:

ALTER SYSTEM SET edb_audit_connect = 'all';
ALTER SYSTEM SET edb_audit_disconnect = 'all';
SELECT pg_reload_conf();

or

Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.