PostgreSQL must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accordance with the Ports, Protocols, and Services Management (PPSM) guidance.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-261926 | CD16-00-008000 | SV-261926r1000783_rule | CCI-001762 | medium |
| Description | ||||
| Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats. | ||||
| STIG | Date | |||
| Crunchy Data Postgres 16 Security Technical Implementation Guide | 2024-06-17 | |||
Details
Check Text (C-261926r1000783_chk)
As the database administrator, run the following SQL:
$ psql -c "SHOW port"
If the currently defined port configuration is deemed prohibited, this is a finding.
Fix Text (F-65688r1000782_fix)
Note: The following instructions use the PGDATA and PGVER environment variables. Refer to APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.
To change the listening port of the database, as the database administrator, change the following setting in postgresql.conf:
$ sudo su - postgres
$ vi $PGDATA/postgresql.conf
Change the port parameter to the desired port.
Restart the database:
$ sudo systemctl restart postgresql-${PGVER?}
Note: psql uses the port 5432 by default. This can be changed by specifying the port with psql or by setting the PGPORT environment variable:
$ psql -p 5432 -c "SHOW port"
$ export PGPORT=5432