UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The vROps PostgreSQL DB must generate audit records when security objects are deleted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-88319 VROM-PG-000540 SV-98969r1_rule Medium
Description
The removal of security objects from the database/DBMS would seriously degrade a system's information assurance posture. If such an event occurs, it must be logged.
STIG Date
VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide 2018-10-11

Details

Check Text ( C-88011r1_chk )
At the command prompt, execute the following command:

# grep '^\s*log_statement\b' /storage/db/vcops/vpostgres/data/postgresql.conf

If "log_statement" is not set to "all", this is a finding.
Fix Text (F-95061r1_fix)
At the command prompt, execute the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET log_statement TO 'all';"
# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();"