UCF STIG Viewer Logo

The vROps PostgreSQL DB must generate audit records when unsuccessful accesses to objects occur.


Overview

Finding ID Version Rule ID IA Controls Severity
V-88339 VROM-PG-000595 SV-98989r1_rule Medium
Description
Without tracking all or selected types of access to all or selected objects (tables, views, procedures, functions, etc.), it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. In an SQL environment, types of access include, but are not necessarily limited to: SELECT INSERT UPDATE DELETE EXECUTE To aid in diagnosis, it is necessary to keep track of failed attempts in addition to the successful ones.
STIG Date
VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide 2018-10-11

Details

Check Text ( C-88031r1_chk )
At the command prompt, execute the following command:

# grep '^\s*log_statement\b' /storage/db/vcops/vpostgres/data/postgresql.conf

If "log_statement" is not set to "all", this is a finding.
Fix Text (F-95081r1_fix)
At the command prompt, execute the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET log_statement TO 'all';"
# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();"