← Back to EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide

V-213659

CAT II (Medium)

The EDB Postgres Advanced Server must generate audit records showing starting and ending time for user access to the database(s).

Rule ID

SV-213659r879876_rule

STIG

EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000172

Discussion

For completeness of forensic analysis, it is necessary to know how long a user's (or other principal's) connection to the DBMS lasts. This can be achieved by recording disconnections, in addition to logons/connections, in the audit logs. Disconnection may be initiated by the user or forced by the system (as in a timeout) or result from a system or network failure. To the greatest extent possible, all disconnections must be logged.

Check Content

Execute the following SQL as enterprisedb:

SHOW edb_audit_connect;

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.

Fix Text

Execute the following SQL as enterprisedb:

ALTER SYSTEM SET edb_audit_connect = 'all';
ALTER SYSTEM SET edb_audit_disconnect = 'all';
SELECT pg_reload_conf();   

or

Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.