← Back to VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide

V-239776

CAT II (Medium)

The vROps PostgreSQL DB must initiate session auditing upon startup.

Rule ID

SV-239776r879562_rule

STIG

VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001464

Discussion

Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation for the whole time the DBMS is running.

Check Content

At the command prompt, execute the following command:

# grep '^\s*log_statement\b' /storage/db/vcops/vpostgres/data/postgresql.conf

If log_statement is not set to "all", this is a finding.

Fix Text

At the command prompt, execute the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET log_statement TO 'all';"
# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();"