Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1 Ensure packages are obtained from authorized repositoriesCIS PostgreSQL 11 OS v1.0.0Unix

CONFIGURATION MANAGEMENT

1.3 Ensure Installation of Community PackagesCIS PostgreSQL 10 OS v1.0.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.5 Ensure Data Cluster Initialized SuccessfullyCIS PostgreSQL 11 OS v1.0.0Unix

ACCESS CONTROL

2.1 Ensure the file permissions mask is correctCIS PostgreSQL 12 OS v1.1.0Unix

ACCESS CONTROL, MEDIA PROTECTION

2.2 Ensure the PostgreSQL pg_wheel group membership is correct - /etc/groupCIS PostgreSQL 10 OS v1.0.0Unix

ACCESS CONTROL

3.1.4 Ensure the log file destination directory is set correctlyCIS PostgreSQL 11 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.6 Ensure the log file permissions are set correctlyCIS PostgreSQL 11 DB v1.0.0PostgreSQLDB

ACCESS CONTROL

3.1.6 Ensure the log file permissions are set correctlyCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

ACCESS CONTROL, MEDIA PROTECTION

3.1.8 Ensure the maximum log file lifetime is set correctlyCIS PostgreSQL 11 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.10 Ensure the correct syslog facility is selectedCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.12 Ensure the correct messages are written to the server logCIS PostgreSQL 10 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.12 Ensure the correct messages are written to the server logCIS PostgreSQL 11 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.14 Ensure the correct messages are written to the server logCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.16 Ensure 'debug_print_parse' is disabled - debug_print_parse is disabledCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.17 Ensure 'debug_print_rewritten' is disabledCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.19 Ensure 'debug_pretty_print' is enabledCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.20 Ensure 'log_connections' is enabledCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.20 Ensure 'log_error_verbosity' is set correctlyCIS PostgreSQL 10 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.22 Ensure 'log_line_prefix' is set correctlyCIS PostgreSQL 10 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.23 Ensure 'log_hostname' is set correctlyCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.24 Ensure 'log_line_prefix' is set correctlyCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - audit.logCIS PostgreSQL 10 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - pgaudit installedCIS PostgreSQL 11 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - show pgaudit.logCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

4.1 Ensure sudo is configured correctlyCIS PostgreSQL 11 OS v1.0.0Unix

ACCESS CONTROL

4.1 Ensure sudo is configured correctly - /etc/sudoers.d/postgresCIS PostgreSQL 12 OS v1.1.0Unix

ACCESS CONTROL

4.2 Ensure excessive administrative privileges are revokedCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure excessive administrative privileges are revokedCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.5 Ensure Row Level Security (RLS) is configured correctly - RLS is configured correctlyCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

ACCESS CONTROL, MEDIA PROTECTION

4.5 Use pg_permission extension to audit object permissionsCIS PostgreSQL 10 DB v1.0.0PostgreSQLDB

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

4.7 Make use of predefined rolesCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.1 Ensure login via 'local' UNIX Domain Socket is configured correctlyCIS PostgreSQL 11 OS v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.2 Ensure login via "host" TCP/IP Socket is configured correctlyCIS PostgreSQL 11 OS v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure 'backend' runtime parameters are configured correctlyCIS PostgreSQL 10 DB v1.0.0PostgreSQLDB

CONFIGURATION MANAGEMENT

6.2 Ensure 'backend' runtime parameters are configured correctlyCIS PostgreSQL 11 DB v1.0.0PostgreSQLDB

CONFIGURATION MANAGEMENT

6.3 Ensure 'Postmaster' Runtime Parameters are ConfiguredCIS PostgreSQL 11 DB v1.0.0PostgreSQLDB

CONFIGURATION MANAGEMENT

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabledCIS PostgreSQL 10 OS v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabledCIS PostgreSQL 12 OS v1.1.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.9 Ensure the pgcrypto extension is installed and configured correctlyCIS PostgreSQL 10 DB v1.0.0PostgreSQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure a replication-only user is created and used for streaming replicationCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

ACCESS CONTROL

7.2 Ensure logging of replication commands is configuredCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

ACCESS CONTROL

7.2 Ensure logging of replication commands is configuredCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

ACCESS CONTROL

7.4 Ensure WAL archiving is configured and functionalCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure WAL archiving is configured and functional - archive_modeCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.3 Ensure the backup and restore tool, 'pgBackRest', is installed and configuredCIS PostgreSQL 10 OS v1.0.0Unix

CONTINGENCY PLANNING

8.3 Ensure the backup and restore tool, 'pgBackRest', is installed and configuredCIS PostgreSQL 11 OS v1.0.0Unix

CONTINGENCY PLANNING

9.6 Ensure root PATH Integrity - dot in pathCIS Solaris 11 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT

9.6 Ensure root PATH Integrity - writeable dir in pathCIS Solaris 11 L1 v1.1.0Unix

ACCESS CONTROL

9.9 Check Permissions on User .netrc FilesCIS Solaris 11 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT

9.14 Check User Home Directory OwnershipCIS Solaris 11 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT