Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-239775 | VROM-PG-000035 | SV-239775r879561_rule | Medium |
Description |
---|
Under some circumstances, it may be useful to monitor who/what is reading privilege/permission/role information. Therefore, it must be possible to configure auditing to do this. DBMSs typically make such information available through views or functions. This requirement addresses explicit requests for privilege/permission/role membership information. It does not refer to the implicit retrieval of privileges/permissions/role memberships that the DBMS continually performs to determine if any and every action on the database is permitted. |
STIG | Date |
---|---|
VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide | 2023-09-12 |
Check Text ( C-43008r663700_chk ) |
---|
At the command prompt, execute the following command: # grep '^\s*log_statement\b' /storage/db/vcops/vpostgres/data/postgresql.conf If log_statement is not set to "all", this is a finding. |
Fix Text (F-42967r663701_fix) |
---|
At the command prompt, execute the following commands: # /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET log_statement TO 'all';" # /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();" |