The vROps PostgreSQL DB must provide authorized users to capture, record, and log all content related to a user session.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-88225	VROM-PG-000050	SV-98875r1_rule		Medium

Description
Without the capability to capture, record, and log all content related to a user session, investigations into suspicious user activity would be hampered. Typically, this DBMS capability would be used in conjunction with comparable monitoring of a user's online session, involving other software components such as operating systems, web servers, and front-end user applications. The current requirement, however, deals specifically with the DBMS.

Description

Without the capability to capture, record, and log all content related to a user session, investigations into suspicious user activity would be hampered. Typically, this DBMS capability would be used in conjunction with comparable monitoring of a user's online session, involving other software components such as operating systems, web servers, and front-end user applications. The current requirement, however, deals specifically with the DBMS.

STIG	Date
VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide	2018-10-11

Details

Check Text ( C-87917r1_chk )
At the command prompt, execute the following command: # grep '^\s*log_statement\b' /storage/db/vcops/vpostgres/data/postgresql.conf If log_statement is not set to "all", this is a finding.

Fix Text (F-94967r1_fix)
At the command prompt, execute the following commands: # /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET log_statement TO 'all';" # /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();"