vRA PostgreSQL database log file data must contain required data elements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-89347	VRAU-PG-000075	SV-99997r1_rule		Medium

Description
Information system auditing capability is critical for accurate forensic analysis. Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event. Identifiers (if authenticated or otherwise known) include, but are not limited to, user database tables, primary key values, user names, or process identifiers.

Description

Information system auditing capability is critical for accurate forensic analysis. Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event. Identifiers (if authenticated or otherwise known) include, but are not limited to, user database tables, primary key values, user names, or process identifiers.

STIG	Date
VMW vRealize Automation 7.x PostgreSQL Security Technical Implementation Guide	2018-10-12

Details

Check Text ( C-89039r1_chk )
At the command prompt, execute the following command: # grep '^\s*log_line_prefix\b' /storage/db/pgdata/postgresql.conf If "log_line_prefix" is not set to "%m %d %u %r %p %l %c", this is a finding.

Fix Text (F-96089r1_fix)
At the command prompt, execute the following commands: # /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET log_line_prefix TO '%m %d %u %r %p %l %c';" # /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();"