CD12-00-005200 - PostgreSQL must generate audit records when security objects are deleted.

Information

The removal of security objects from the database/PostgreSQL would seriously degrade a system's information assurance posture. If such an event occurs, it must be logged.

Solution

Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.

Using pgaudit, PostgreSQL can be configured to audit these requests. See supplementary content APPENDIX-B for documentation on installing pgaudit.

With pgaudit installed, the following configurations can be made:

$ sudo su - postgres
$ vi ${PGDATA?}/postgresql.conf

Add the following parameters (or edit existing parameters):

pgaudit.log = 'ddl'

Now, as the system administrator, reload the server with the new configuration:

$ sudo systemctl reload postgresql-${PGVER?}
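
One way to confirm the setting, as an added example that is not part of the STIG text: a shell check that reads a postgresql.conf and reports whether the effective pgaudit.log value enables the DDL class. The function names are hypothetical, the sample file is constructed, and the left-to-right handling of "-" subtracted classes is an assumption about how pgaudit evaluates the list.

```shell
#!/bin/sh
# Added example (not from the STIG): offline check of a postgresql.conf.

# Print the effective pgaudit.log value: the last uncommented setting wins.
# Assumption: include files and postgresql.auto.conf are not followed.
pgaudit_log_value() {
    awk -v q="'" '
        {
            line = tolower($0)                  # parameter names are case-insensitive
            sub(/#.*/, "", line)                # drop comments
            if (match(line, /^[ \t]*pgaudit\.log([ \t]*=[ \t]*|[ \t]+)/)) {
                v = substr(line, RLENGTH + 1)
                gsub("[" q " \t]", "", v)       # strip quotes and blanks
                last = v
            }
        }
        END { print last }
    ' "$1"
}

# Return 0 if the DDL class is enabled, 1 otherwise.
# Classes are applied left to right; a leading "-" subtracts a class (assumption).
pgaudit_logs_ddl() {
    ddl=1
    old_ifs=$IFS; IFS=,
    for class in $(pgaudit_log_value "$1"); do
        case $class in
            ddl|all)   ddl=0 ;;
            -ddl|-all) ddl=1 ;;
        esac
    done
    IFS=$old_ifs
    return "$ddl"
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#pgaudit.log = 'none'
shared_preload_libraries = 'pgaudit'
pgaudit.log_catalog = off
pgaudit.log = 'ddl'
EOF
if pgaudit_logs_ddl "$sample"; then
    echo "PASS: pgaudit.log = '$(pgaudit_log_value "$sample")'"
else
    echo "FAIL: DDL statements are not audited"
fi
rm -f "$sample"
```

On a real server, call `pgaudit_logs_ddl "${PGDATA?}/postgresql.conf"` as the postgres user; a non-zero return means the parameter is missing, commented out, overridden later in the file, or has the DDL class subtracted.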

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CD_PGSQL_V3R1_STIG.zip