Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1 Ensure packages are obtained from authorized repositoriesCIS PostgreSQL 12 OS v1.1.0Unix

CONFIGURATION MANAGEMENT, MAINTENANCE

1.2 Ensure systemd Service Files Are EnabledCIS PostgreSQL 15 OS v1.1.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.2 Install only required packagesCIS PostgreSQL 13 OS v1.2.0Unix

CONFIGURATION MANAGEMENT

1.3 Ensure Data Cluster Initialized SuccessfullyCIS PostgreSQL 12 OS v1.1.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.3 Ensure Data Cluster Initialized SuccessfullyCIS PostgreSQL 16 OS v1.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.4 Ensure Data Cluster Initialized SuccessfullyCIS PostgreSQL 13 OS v1.2.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.5 Ensure the Latest Security Patches are AppliedCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

SYSTEM AND SERVICES ACQUISITION

3.1.2 Ensure the log destinations are set correctlyCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.2 Ensure the log destinations are set correctlyCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.3 Ensure the logging collector is enabledCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.5 Ensure the filename pattern for log files is set correctlyCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.5 Ensure the filename pattern for log files is set correctlyCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.6 Ensure the log file permissions are set correctlyCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

ACCESS CONTROL, MEDIA PROTECTION

3.1.6 Ensure the log file permissions are set correctlyCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

ACCESS CONTROL, MEDIA PROTECTION

3.1.7 Ensure 'log_truncate_on_rotation' is enabledCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.8 Ensure the maximum log file lifetime is set correctlyCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.9 Ensure the maximum log file size is set correctlyCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.11 Ensure syslog messages are not suppressedCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.13 Ensure the program name for PostgreSQL syslog messages is correctCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.15 Ensure 'log_min_duration_statement' is disabledCIS PostgreSQL 9.5 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.16 Ensure 'debug_print_parse' is disabledCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.20 Ensure 'log_connections' is enabledCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.22 Ensure 'log_error_verbosity' is set correctlyCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.22 Ensure 'log_error_verbosity' is set correctly - log_error_verbosity is set correctlyCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.26 Ensure 'log_timezone' is set correctly - log_timezone is set correctlyCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - pgaudit installedCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

4.1 Ensure sudo is configured correctlyCIS PostgreSQL 15 OS v1.1.0Unix

ACCESS CONTROL

4.3 Ensure excessive function privileges are revokedCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.4 Ensure excessive DML privileges are revokedCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.4 Lock Out Accounts if Not Currently in UseCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

ACCESS CONTROL

4.5 Ensure Row Level Security (RLS) is configured correctlyCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

ACCESS CONTROL, MEDIA PROTECTION

4.6 Ensure the set_user extension is installedCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

ACCESS CONTROL

4.7 Make use of predefined rolesCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.9 Make use of predefined rolesCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2 Ensure login via 'host' TCP/IP Socket is configured correctlyCIS PostgreSQL 12 OS v1.1.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure 'backend' runtime parameters are configured correctlyCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

CONFIGURATION MANAGEMENT

6.2 Ensure 'backend' runtime parameters are configured correctlyCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

CONFIGURATION MANAGEMENT

6.2 Ensure 'backend' runtime parameters are configured correctlyCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

CONFIGURATION MANAGEMENT

6.3 Ensure 'Postmaster' Runtime Parameters are ConfiguredCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

CONFIGURATION MANAGEMENT

6.6 Ensure 'User' Runtime Parameters are ConfiguredCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

CONFIGURATION MANAGEMENT

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is UsedCIS PostgreSQL 13 OS v1.2.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is UsedCIS PostgreSQL 16 OS v1.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.8 Ensure TLS is enabled and configured correctlyCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.9 Ensure the pgcrypto extension is installed and configured correctlyCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure base backups are configured and functionalCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

CONTINGENCY PLANNING

7.3 Ensure base backups are configured and functionalCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

CONTINGENCY PLANNING

7.4 Ensure WAL archiving is configured and functionalCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1 Ensure PostgreSQL subdirectory locations are outside the data clusterCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

CONFIGURATION MANAGEMENT

8.2 Ensure the backup and restore tool, 'pgBackRest', is installed and configuredCIS PostgreSQL 13 OS v1.2.0Unix

CONTINGENCY PLANNING

8.3 Ensure miscellaneous configuration settings are correctCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

CONFIGURATION MANAGEMENT