← Back to VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

V-259170

CAT II (Medium)

The vCenter PostgreSQL service must initiate session auditing upon startup.

Rule ID

SV-259170r935414_rule

STIG

VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001464

Discussion

Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation for the whole time the database management system (DBMS) is running.

Check Content

At the command prompt, run the following command:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -A -t -c "SHOW log_destination;"

Example result:

stderr

If "log_destination" is not set to "stderr" or "syslog", this is a finding.

Fix Text

A script is included with vCenter to generate a PostgreSQL STIG configuration.

At the command prompt, run the following commands:

# chmod +x /opt/vmware/vpostgres/current/bin/vmw_vpg_config/vmw_vpg_config.py
# /opt/vmware/vpostgres/current/bin/vmw_vpg_config/vmw_vpg_config.py --action stig_enable --pg-data-dir /storage/db/vpostgres
# chmod -x /opt/vmware/vpostgres/current/bin/vmw_vpg_config/vmw_vpg_config.py

Restart the PostgreSQL service by running the following command:

# vmon-cli --restart vmware-vpostgres