EP11-00-002300 - The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

It is critical that when the DBMS is at risk of failing to process audit logs as required, action be taken to mitigate the failure. Audit processing failures include: software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode.

When the need for system availability does not outweigh the need for a complete audit trail, the DBMS should shut down immediately, rolling back all in-flight transactions.

Systems where audit trail completeness is paramount will most likely be at a lower MAC level than MAC I; the final determination is the prerogative of the application owner, subject to Authorizing Official concurrence. In any case, sufficient auditing resources must be allocated to avoid a shutdown in all but the most extreme situations.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Modify DBMS, OS, or third-party logging application settings to alert appropriate personnel when a specific percentage of log storage capacity is reached.

If EDB Postgres Enterprise Manager (PEM) is in use, it may be configured to issue an alert, send an email to designated personnel, and shut down the EDB Postgres Advanced Server instance when the audit log mount point is at 99 percent full. Refer to the Supplemental Procedures document, supplied with this STIG, for guidance on configuring PEM alerts.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_EDB_PGS_Advanced_Server_v11_Windows_V2R2_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000140, Rule-ID|SV-224146r508023_rule, STIG-ID|EP11-00-002300, STIG-Legacy|SV-109423, STIG-Legacy|V-100319, Vuln-ID|V-224146

Plugin: Windows

Control ID: 59c5c8f74348d24bde9ffc67c2bd1eaa67d119ece9548a5d748baf234e83477f