VMware Postgres log files must contain required fields.


Overview

Finding ID: V-239197
Version: VCPG-67-000002
Rule ID: SV-239197r717050_rule
IA Controls:
Severity: Medium

Description
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. As an embedded database that is only accessible via localhost, VMware Postgres on the VCSA does not implement robust auditing. However, it can and must be configured to log reasonable levels of information relating to user actions to enable proper troubleshooting.

Satisfies: SRG-APP-000089-DB-000064, SRG-APP-000095-DB-000039, SRG-APP-000096-DB-000040, SRG-APP-000097-DB-000041, SRG-APP-000098-DB-000042, SRG-APP-000099-DB-000043, SRG-APP-000100-DB-000201, SRG-APP-000101-DB-000044, SRG-APP-000375-DB-000323

STIG: VMware vSphere 6.7 PostgreSQL Security Technical Implementation Guide
Date: 2021-04-15

Details

Check Text (C-42430r678962_chk)
At the command prompt, execute the following command:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SHOW log_line_prefix;"|sed -n 3p|sed -e 's/^[ ]*//'

Expected result:

%m %c %x %d %u %r %p %l

If the output does not match the expected result, this is a finding.
Fix Text (F-42389r678963_fix)
At the command prompt, execute the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET log_line_prefix TO '%m %c %x %d %u %r %p %l ';"

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();"
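
Added example (not part of the STIG or of VMware's tooling): a parser for log lines written with the required prefix, showing which field each escape supplies and flagging lines that lack the prefix. It assumes PostgreSQL's plain-text stderr log format and database and user names without spaces; the sample lines and the names in them are constructed.

```python
import re
# Field order follows the STIG value '%m %c %x %d %u %r %p %l '; its trailing
# space is what separates %l from the severity tag that PostgreSQL appends.
PREFIX_RE = re.compile(
    r"^(?P<timestamp>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3} \S+) "  # %m
    r"(?P<session>[0-9a-f]+\.[0-9a-f]+) "  # %c: hex start time, hex PID
    r"(?P<xid>\d+) "       # %x: 0 when no transaction ID is assigned
    r"(?P<database>\S*) "  # %d: empty for background processes
    r"(?P<user>\S*) "      # %u: empty for background processes
    r"(?P<remote>\S*) "    # %r: host(port) or [local]; may be empty
    r"(?P<pid>\d+) "       # %p
    r"(?P<line>\d+) "      # %l: per-session line counter
    r"(?P<severity>[A-Z0-9]+):\s+(?P<message>.*)$"
)

# Constructed sample lines (hypothetical names), not from a real VCSA.
SAMPLE_LOG = """\
2021-04-15 10:49:15.201 UTC 60781a2b.1f4 0 appdb appuser 127.0.0.1(41522) 500 1 LOG:  connection authorized: user=appuser database=appdb
2021-04-15 10:49:16.007 UTC 60781a2b.1f4 731 appdb appuser 127.0.0.1(41522) 500 2 ERROR:  relation "missing_table" does not exist at character 15
2021-04-15 10:50:00.000 UTC 60780f10.2a 0    42 7 LOG:  checkpoint starting: time
LOG:  line written before log_line_prefix was set
"""

def parse_line(line):
    """Return the prefix fields as a dict, or None if the prefix is absent."""
    m = PREFIX_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec.update({k: int(rec[k]) for k in ("xid", "pid", "line")})
    # %c embeds the backend PID in hex, so it should agree with %p.
    rec["session_pid_matches"] = int(rec["session"].split(".")[1], 16) == rec["pid"]
    return rec

def audit(log_text):
    """Split a log into parsed records and lines lacking the required prefix."""
    records, unparsed = [], []
    for line in log_text.splitlines():
        if line.startswith("\t"):  # continuation of a multi-line message
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        else:
            records.append(rec)
    return records, unparsed

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG)[0], sep="\n")
```

The third sample line comes from a background process, so %d, %u and %r are empty and only the separating spaces remain; the parser keeps those fields as empty strings rather than rejecting the line.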