CIS PostgreSQL 14 OS v1.0.0

Audit Details

Name: CIS PostgreSQL 14 OS v1.0.0

Updated: 1/4/2023

Authority: CIS

Plugin: Unix

Revision: 1.3

Estimated Item Count: 15

File Details

Filename: CIS_PostgreSQL_14_v1.0.0_L1_OS_Linux.audit

Size: 46.5 kB

MD5: ddcc574e5a34bb65253a37822e3c0770
SHA256: 8e1a34318e692bba7c92f20c76fe1b918e71eeaf6f787593f76fd20fcd84653b

Audit Items

DescriptionCategories
1.1 Ensure packages are obtained from authorized repositories

CONFIGURATION MANAGEMENT, MAINTENANCE

1.2 Ensure systemd Service Files Are Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3 Ensure Data Cluster Initialized Successfully

ACCESS CONTROL, MEDIA PROTECTION

2.1 Ensure the file permissions mask is correct

ACCESS CONTROL, MEDIA PROTECTION

4.1 Ensure sudo is configured correctly - /etc/sudoers

ACCESS CONTROL

4.1 Ensure sudo is configured correctly - /etc/sudoers.d/postgres

ACCESS CONTROL

5.1 Ensure login via 'local' UNIX Domain Socket is configured correctly - local UNIX Domain Socket is configured correctly

IDENTIFICATION AND AUTHENTICATION

5.2 Ensure login via 'host' TCP/IP Socket is configured correctly - host TCP/IP Socket is configured correctly

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure base backups are configured and functional

CONTINGENCY PLANNING

7.4 Ensure WAL archiving is configured and functional - /var/lib/pgsql/WAL

SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure WAL archiving is configured and functional - archive_command

SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure WAL archiving is configured and functional - archive_mode

SYSTEM AND COMMUNICATIONS PROTECTION

8.3 Ensure the backup and restore tool, 'pgBackRest', is installed and configured

CONTINGENCY PLANNING