← Back to VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

V-256593

CAT II (Medium)

VMware Postgres configuration files must not be accessible by unauthorized users.

Rule ID

SV-256593r887565_rule

STIG

VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000171 CCI-001493 CCI-001494 CCI-001495 CCI-001813

Discussion

VMware Postgres has a few configuration files that directly control the security posture of the database management system (DBMS). Protecting these files from unauthorized access and modification is fundamental to ensuring the security of VMware Postgres. Satisfies: SRG-APP-000090-DB-000065, SRG-APP-000121-DB-000202, SRG-APP-000122-DB-000203, SRG-APP-000123-DB-000204, SRG-APP-000380-DB-000360

Check Content

At the command prompt, run the following command:

# find /storage/db/vpostgres/*conf* -xdev -type f -a '(' -not -perm 600 -o -not -user vpostgres -o -not -group vpgmongrp ')' -exec ls -ld {} \;

If any files are returned, this is a finding.

Fix Text

At the command prompt, run the following commands:

# chmod 600 <file>
# chown vpostgres:vpgmongrp <file>

Note: Replace <file> with the file that has incorrect permissions.