CIS PostgreSQL 9.5 DB v1.1.0

Audit Details

Name: CIS PostgreSQL 9.5 DB v1.1.0

Updated: 6/17/2024

Authority: CIS

Plugin: PostgreSQLDB

Revision: 1.2

Estimated Item Count: 54

File Details

Filename: CIS_PostgreSQL_9.5_v1.1.0_L1_Database.audit

Size: 127 kB

MD5: 3ca6af44b5788c84f96a46ec04321b6a
SHA256: c0f28452caf6a6bbdab0a385abf3e4b52e8c5fe203df292054b1c275c19f1ca2

Audit Items

Description / Categories
3.1.2 Ensure the log destinations are set correctly

AUDIT AND ACCOUNTABILITY

3.1.3 Ensure the logging collector is enabled

AUDIT AND ACCOUNTABILITY

3.1.4 Ensure the log file destination directory is set correctly

AUDIT AND ACCOUNTABILITY

3.1.5 Ensure the filename pattern for log files is set correctly

AUDIT AND ACCOUNTABILITY

3.1.6 Ensure the log file permissions are set correctly

ACCESS CONTROL

3.1.7 Ensure 'log_truncate_on_rotation' is enabled

AUDIT AND ACCOUNTABILITY

3.1.8 Ensure the maximum log file lifetime is set correctly

AUDIT AND ACCOUNTABILITY

3.1.9 Ensure the maximum log file size is set correctly

AUDIT AND ACCOUNTABILITY

3.1.10 Ensure the correct syslog facility is selected

AUDIT AND ACCOUNTABILITY

3.1.11 Ensure the program name for PostgreSQL syslog messages is correct

AUDIT AND ACCOUNTABILITY

3.1.12 Ensure the correct messages are sent to the database client

AUDIT AND ACCOUNTABILITY

3.1.13 Ensure the correct messages are written to the server log

AUDIT AND ACCOUNTABILITY

3.1.14 Ensure the correct SQL statements generating errors are recorded

AUDIT AND ACCOUNTABILITY

3.1.15 Ensure 'log_min_duration_statement' is disabled

AUDIT AND ACCOUNTABILITY

3.1.16 Ensure 'debug_print_parse' is disabled

AUDIT AND ACCOUNTABILITY

3.1.17 Ensure 'debug_print_rewritten' is disabled

AUDIT AND ACCOUNTABILITY

3.1.18 Ensure 'debug_print_plan' is disabled

AUDIT AND ACCOUNTABILITY

3.1.19 Ensure 'debug_pretty_print' is enabled

AUDIT AND ACCOUNTABILITY

3.1.20 Ensure 'log_checkpoints' is enabled

AUDIT AND ACCOUNTABILITY

3.1.21 Ensure 'log_connections' is enabled

AUDIT AND ACCOUNTABILITY

3.1.22 Ensure 'log_disconnections' is enabled

AUDIT AND ACCOUNTABILITY

3.1.23 Ensure 'log_duration' is enabled

AUDIT AND ACCOUNTABILITY

3.1.24 Ensure 'log_error_verbosity' is set correctly

AUDIT AND ACCOUNTABILITY

3.1.25 Ensure 'log_hostname' is set correctly

AUDIT AND ACCOUNTABILITY

3.1.26 Ensure 'log_line_prefix' is set correctly

AUDIT AND ACCOUNTABILITY

3.1.27 Ensure 'log_lock_waits' is enabled

AUDIT AND ACCOUNTABILITY

3.1.28 Ensure 'log_statement' is set correctly

AUDIT AND ACCOUNTABILITY

3.1.29 Ensure all temporary files are logged

AUDIT AND ACCOUNTABILITY

3.1.30 Ensure 'log_timezone' is set correctly

AUDIT AND ACCOUNTABILITY

3.1.31 Ensure 'log_parser_stats' is disabled

AUDIT AND ACCOUNTABILITY

3.1.32 Ensure 'log_planner_stats' is disabled

AUDIT AND ACCOUNTABILITY

3.1.33 Ensure 'log_executor_stats' is disabled

AUDIT AND ACCOUNTABILITY

3.1.34 Ensure 'log_statement_stats' is disabled

AUDIT AND ACCOUNTABILITY

3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - pgaudit installed

AUDIT AND ACCOUNTABILITY

3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - audit.log

AUDIT AND ACCOUNTABILITY

4.4 Ensure excessive function privileges are revoked

ACCESS CONTROL

4.5 Ensure excessive DML privileges are revoked

ACCESS CONTROL

4.6 Ensure Row Level Security (RLS) is configured correctly

ACCESS CONTROL

4.7 Ensure the set_user extension is installed

ACCESS CONTROL

6.2 Ensure 'backend' runtime parameters are configured correctly

CONFIGURATION MANAGEMENT

6.3 Ensure 'Postmaster' Runtime Parameters are Configured

SYSTEM AND SERVICES ACQUISITION

6.4 Ensure 'SIGHUP' Runtime Parameters are Configured

SYSTEM AND SERVICES ACQUISITION

6.5 Ensure 'Superuser' Runtime Parameters are Configured

ACCESS CONTROL

6.6 Ensure 'User' Runtime Parameters are Configured

ACCESS CONTROL

6.8 Ensure SSL is enabled and configured correctly

SYSTEM AND COMMUNICATIONS PROTECTION

6.9 Ensure the pgcrypto extension is installed and configured correctly

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure SSL Certificates are Configured For Replication - ssl cert file

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure SSL Certificates are Configured For Replication - ssl key file

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure a replication-only user is created and used for streaming replication

ACCESS CONTROL

7.3 Ensure base backups are configured and functional

CONTINGENCY PLANNING