VMware Postgres configuration files must not be accessible by unauthorized users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-256593 | VCPG-70-000003 | SV-256593r887565_rule | CCI-000171 | medium |
| Description | ||||
| VMware Postgres has a few configuration files that directly control the security posture of the database management system (DBMS). Protecting these files from unauthorized access and modification is fundamental to ensuring the security of VMware Postgres. Satisfies: SRG-APP-000090-DB-000065, SRG-APP-000121-DB-000202, SRG-APP-000122-DB-000203, SRG-APP-000123-DB-000204, SRG-APP-000380-DB-000360 | ||||
| STIG | Date | |||
| VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide | 2023-06-15 | |||
Details
Check Text (C-256593r887565_chk)
At the command prompt, run the following command:
# find /storage/db/vpostgres/*conf* -xdev -type f -a '(' -not -perm 600 -o -not -user vpostgres -o -not -group vpgmongrp ')' -exec ls -ld {} \;
If any files are returned, this is a finding.
Fix Text (F-60211r887564_fix)
At the command prompt, run the following commands:
# chmod 600 <file>
# chown vpostgres:vpgmongrp <file>
Note: Replace <file> with the file that has incorrect permissions.