Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The vCenter PostgreSQL service must log all connection attempts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-259183 | VCPG-80-000110 | SV-259183r961824_rule | Medium |
| Description |
|---|
| For completeness of forensic analysis, it is necessary to track successful and failed attempts to log on to PostgreSQL. Setting "log_connections" to "on" will cause each attempted connection to the server to be logged, as well as successful completion of client authentication. Satisfies: SRG-APP-000503-DB-000350, SRG-APP-000503-DB-000351, SRG-APP-000506-DB-000353, SRG-APP-000508-DB-000358 |
| STIG | Date |
|---|---|
| VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide | 2024-07-11 |
Details
| Check Text ( C-62923r935451_chk ) |
|---|
| At the command prompt, run the following command: # /opt/vmware/vpostgres/current/bin/psql -U postgres -A -t -c "SHOW log_connections;" Expected result: on If the output does not match the expected result, this is a finding. |
| Fix Text (F-62832r935452_fix) |
|---|
| A script is included with vCenter to generate a PostgreSQL STIG configuration. At the command prompt, run the following commands: # chmod +x /opt/vmware/vpostgres/current/bin/vmw_vpg_config/vmw_vpg_config.py # /opt/vmware/vpostgres/current/bin/vmw_vpg_config/vmw_vpg_config.py --action stig_enable --pg-data-dir /storage/db/vpostgres # chmod -x /opt/vmware/vpostgres/current/bin/vmw_vpg_config/vmw_vpg_config.py Restart the PostgreSQL service by running the following command: # vmon-cli --restart vmware-vpostgres |