InformationThe PostgreSQL packages are installed on the Operating System from valid source.
Standard Linux distributions, although possessing the requisite packages, often do not have PostgreSQL pre-installed. The installation process includes installing the binaries and the means to generate a data cluster too. Package installation should include both the server and client packages. Contribution modules are optional depending upon one's architectural requirements (they are recommended though).
From a security perspective, it's imperative to verify the PostgreSQL binary packages are sourced from a valid software repository. For a complete listing of all PostgreSQL binaries available via configured repositories inspect the output from dnf provides '*libpq.so'.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
SolutionIf the version of PostgreSQL installed is not 12.x, the packages may be uninstalled using this command:
$ dnf remove $(rpm -qa|grep postgres)
The next recommendation '1.3 Ensure Installation of Community Packages' describes how to explicitly choose which version of PostgreSQL to install, regardless of Linux distribution association.
If the PostgreSQL version shipped as part of the default binary installation associated with your Linux distribution satisfies your requirements, this may be adequate for development and testing purposes. However, for production instances it's generally recommended to install the latest stable release of PostgreSQL.