VMware Postgres configuration files must not be accessible by unauthorized users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-256593 | VCPG-70-000003 | SV-256593r887565_rule | CCI-000171 | medium |
| Description | ||||
| VMware Postgres has a few configuration files that directly control the security posture of the database management system (DBMS). Protecting these files from unauthorized access and modification is fundamental to ensuring the security of VMware Postgres. Satisfies: SRG-APP-000090-DB-000065, SRG-APP-000121-DB-000202, SRG-APP-000122-DB-000203, SRG-APP-000123-DB-000204, SRG-APP-000380-DB-000360 | ||||
| STIG | Date | |||
| VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide | 2023-06-15 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AU-12
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.3.1
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.3.2
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000171
1.00
- DISA · V1R2 · disa_xccdf · related
Details
Check Text (C-256593r887565_chk)
At the command prompt, run the following command:
# find /storage/db/vpostgres/*conf* -xdev -type f -a '(' -not -perm 600 -o -not -user vpostgres -o -not -group vpgmongrp ')' -exec ls -ld {} \;
If any files are returned, this is a finding.
Fix Text (F-60211r887564_fix)
At the command prompt, run the following commands:
# chmod 600 <file>
# chown vpostgres:vpgmongrp <file>
Note: Replace <file> with the file that has incorrect permissions.