UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VMware Postgres must enforce authorized access to all PKI private keys.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239206 VCPG-67-000014 SV-239206r717057_rule High
Description
The DoD standard for authentication is DoD-approved PKI certificates. PKI certificate-based authentication is performed by requiring the certificate holder to cryptographically prove possession of the corresponding private key. If the private key is stolen, an attacker can use the private key(s) to impersonate the certificate holder. In cases where the DBMS-stored private keys are used to authenticate the DBMS to the system’s clients, loss of the corresponding private keys would allow an attacker to successfully perform undetected man-in-the-middle attacks against the DBMS system and its clients. All access to the private key(s) of the DBMS must be restricted to authorized and authenticated users.
STIG Date
VMware vSphere 6.7 PostgreSQL Security Technical Implementation Guide 2021-04-15

Details

Check Text ( C-42439r678989_chk )
At the command prompt, execute the following command:

# stat -c "%a:%U:%G" /storage/db/vpostgres_ssl/server.key

Expected result:

600:vpostgres:users

If the output does not match the expected result, this is a finding.
Fix Text (F-42398r678990_fix)
At the command prompt, execute the following commands:

# chmod 600 /storage/db/vpostgres_ssl/server.key
# chown vpostgres:users /storage/db/vpostgres_ssl/server.key