UCF STIG Viewer Logo

PostgreSQL must initiate session auditing upon startup.


Overview

Finding ID Version Rule ID IA Controls Severity
V-73001 PGS9-00-008600 SV-87653r2_rule Medium
Description
Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation for the whole time PostgreSQL is running.
STIG Date
PostgreSQL 9.x Security Technical Implementation Guide 2017-12-27

Details

Check Text ( C-73131r3_chk )
As the database administrator (shown here as "postgres"), check the current settings by running the following SQL:

$ sudo su - postgres
$ psql -c "SHOW shared_preload_libraries"

If pgaudit is not in the current setting, this is a finding.

As the database administrator (shown here as "postgres"), check the current settings by running the following SQL:

$ psql -c "SHOW log_destination"

If stderr or syslog are not in the current setting, this is a finding.
Fix Text (F-79447r1_fix)
Configure PostgreSQL to enable auditing.

To ensure that logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging.

For session logging we suggest using pgaudit. For instructions on how to setup pgaudit, see supplementary content APPENDIX-B.