
V-256591

CAT II (Medium)

VMware Postgres must limit the number of connections.

Rule ID

SV-256591r887559_rule

STIG

VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000054

Discussion

Database management includes the ability to control the number of users and user sessions utilizing a database management system (DBMS). Unlimited concurrent connections to the DBMS could allow a successful denial-of-service (DoS) attack by exhausting connection resources, and a system can also fail or be degraded by an overload of legitimate users. Limiting the number of concurrent sessions per user is helpful in reducing these risks. VMware Postgres as deployed on the vCenter Service Appliance (VCSA) comes preconfigured with a "max_connections" limit that is appropriate for all tested, supported scenarios. The out-of-the-box configuration is dynamic, based on a lower limit plus allowances for the resources assigned to VCSA and the deployment size. However, this number will always be between 100 and 1000 (inclusive).

Check Content

At the command prompt, run the following command:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -A -t -c "SHOW max_connections;"

If the returned number is not between 100 and 1000 (inclusive), this is a finding.
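
The check above as a script, added here as an example (it is not part of the STIG or of VMware's tooling). The function names, output strings and exit codes are assumptions; the psql path and options are the ones in the check text, and the sample values in the loop are constructed.

```shell
#!/bin/sh
# Added example: evaluate "SHOW max_connections;" against the 100-1000 range.
# Exit codes (assumed convention): 0 = not a finding, 1 = finding,
# 2 = check could not be evaluated.

PSQL=/opt/vmware/vpostgres/current/bin/psql   # path from the check text

# classify_max_connections VALUE
classify_max_connections() {
    # psql -A -t output can still carry a trailing newline or CR; strip it.
    value=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$value" in
        ''|*[!0-9]*)
            # Empty or non-numeric output means the check did not run cleanly.
            echo "ERROR: unexpected result '$value'"
            return 2 ;;
    esac
    # Very long digit strings would overflow the shell's integer comparison.
    if [ "${#value}" -gt 9 ]; then
        echo "FINDING: max_connections=$value is outside 100-1000"
        return 1
    fi
    if [ "$value" -ge 100 ] && [ "$value" -le 1000 ]; then
        echo "NOT_A_FINDING: max_connections=$value"
        return 0
    fi
    echo "FINDING: max_connections=$value is outside 100-1000"
    return 1
}

# Runs the live check; only meaningful on the appliance itself.
check_vpostgres_max_connections() {
    if [ ! -x "$PSQL" ]; then
        echo "ERROR: $PSQL not found or not executable"
        return 2
    fi
    result=$("$PSQL" -U postgres -A -t -c "SHOW max_connections;") || {
        echo "ERROR: psql exited with an error"
        return 2
    }
    classify_max_connections "$result"
}

# Constructed sample values covering both boundaries and malformed output.
for sample in 100 1000 99 1001 "" "abc"; do
    classify_max_connections "$sample" || true
done
```

On the appliance, call `check_vpostgres_max_connections` and act on its exit code.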

Fix Text

At the command prompt, run the following command:

# vmon-cli --restart vmware-vpostgres

Note: Restarting the service runs the "pg_tuning" script that will configure "max_connections" to the appropriate value based on the allocated memory for vCenter.