UCF STIG Viewer Logo

The vROps PostgreSQL DB must generate audit records when security objects are deleted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-88319 VROM-PG-000540 SV-98969r1_rule Medium
Description
The removal of security objects from the database/DBMS would seriously degrade a system's information assurance posture. If such an event occurs, it must be logged.
STIG Date
VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide 2018-10-11

Details

Check Text ( C-88011r1_chk )
At the command prompt, execute the following command:

# grep '^\s*log_statement\b' /storage/db/vcops/vpostgres/data/postgresql.conf

If "log_statement" is not set to "all", this is a finding.
Fix Text (F-95061r1_fix)
At the command prompt, execute the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET log_statement TO 'all';"
# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();"