← Back to EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide

V-259312

CAT II (Medium)

The EDB Postgres Advanced Server must generate audit records when security objects are deleted.

Rule ID

SV-259312r961818_rule

STIG

EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000172

Discussion

The removal of security objects from the database/DBMS would seriously degrade a system's information assurance posture. If such an event occurs, it must be logged.

Check Content

Execute the following SQL the "enterprisedb" operating system user:

> psql edb -c "SHOW edb_audit_statement"

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.

Fix Text

Execute the following SQL as the "enterprisedb" operating system user:

> psql edb -c "ALTER SYSTEM SET edb_audit_statement = 'all'"
> psql edb -c "SELECT pg_reload_conf()"

or

Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.