The vCenter PostgreSQL service must initiate session auditing upon startup.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-259170 | VCPG-80-000009 | SV-259170r935414_rule | CCI-001464 | medium |
| Description | ||||
| Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation for the whole time the database management system (DBMS) is running. | ||||
| STIG | Date | |||
| VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide | 2023-10-29 | |||
Details
Check Text (C-259170r935414_chk)
At the command prompt, run the following command:
# /opt/vmware/vpostgres/current/bin/psql -U postgres -A -t -c "SHOW log_destination;"
Example result:
stderr
If "log_destination" is not set to "stderr" or "syslog", this is a finding.
Fix Text (F-62819r935413_fix)
A script is included with vCenter to generate a PostgreSQL STIG configuration.
At the command prompt, run the following commands:
# chmod +x /opt/vmware/vpostgres/current/bin/vmw_vpg_config/vmw_vpg_config.py
# /opt/vmware/vpostgres/current/bin/vmw_vpg_config/vmw_vpg_config.py --action stig_enable --pg-data-dir /storage/db/vpostgres
# chmod -x /opt/vmware/vpostgres/current/bin/vmw_vpg_config/vmw_vpg_config.py
Restart the PostgreSQL service by running the following command:
# vmon-cli --restart vmware-vpostgres