The EDB Postgres Advanced Server must generate time stamps for audit records and application data, with a minimum granularity of one second.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-259282 | EPAS-00-008300 | SV-259282r938899_rule | Medium |
| Description |
|---|
| Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the DBMS must include date and time. Granularity of time measurements refers to the precision available in time stamp values. Granularity coarser than one second is not sufficient for audit trail purposes. Time stamp values are typically presented with three or more decimal places of seconds; however, the actual granularity may be coarser than the apparent precision. Some DBMS products offer a data type called TIMESTAMP that is not a representation of date and time. Rather, it is a database state counter and does not correspond to calendar and clock time. This requirement does not refer to that meaning of TIMESTAMP. |
| STIG | Date |
|---|---|
| EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide | 2023-11-20 |
Details
| Check Text ( C-63021r938897_chk ) |
|---|
| As the "enterprisedb" operating system user, run the following to verify the log_line_prefix parameter setting: > psql edb -c "SHOW log_line_prefix" If log_line_prefix is not set to "%m" (Timestamp in milliseconds) , this is a finding. |
| Fix Text (F-62930r938898_fix) |
|---|
| As the "enterprisedb" operating system user, run the following to set the log_line_prefix parameter to "%m" (Timestamps in milliseconds) > psql edb -c "ALTER SYSTEM SET log_line_prefix = '%m'" Next, reload the parameter file: > psql edb -c "SELECT pg_reload_conf()" Confirm the new value: > psql edb -c "SHOW log_line_prefix" |