1.1 Ensure packages are obtained from authorized repositories | CONFIGURATION MANAGEMENT |
1.2 Ensure Installation of Binary Packages | CONFIGURATION MANAGEMENT |
1.3 Ensure Installation of Community Packages | SYSTEM AND INFORMATION INTEGRITY |
1.4 Ensure systemd Service Files Are Enabled | CONFIGURATION MANAGEMENT |
1.5 Ensure Data Cluster Initialized Successfully | ACCESS CONTROL |
2.1 Ensure the file permissions mask is correct | ACCESS CONTROL |
2.2 Ensure the PostgreSQL pg_wheel group membership is correct - /etc/group | ACCESS CONTROL |
2.2 Ensure the PostgreSQL pg_wheel group membership is correct - /etc/passwd | ACCESS CONTROL |
4.1 Ensure sudo is configured correctly | ACCESS CONTROL |
4.3 Ensure excessive function privileges are revoked | CONFIGURATION MANAGEMENT |
5.1 Ensure login via 'local' UNIX Domain Socket is configured correctly | IDENTIFICATION AND AUTHENTICATION |
5.2 Ensure login via "host" TCP/IP Socket is configured correctly | SYSTEM AND COMMUNICATIONS PROTECTION |
6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | SYSTEM AND COMMUNICATIONS PROTECTION |
7.3 Ensure WAL archiving is configured and functional - archive_command | SYSTEM AND COMMUNICATIONS PROTECTION |
7.3 Ensure WAL archiving is configured and functional - archive_mode | SYSTEM AND COMMUNICATIONS PROTECTION |
8.3 Ensure the backup and restore tool, 'pgBackRest', is installed and configured | CONTINGENCY PLANNING |
CIS_PostgreSQL_11_v1.0.0_L1_OS_Linux.audit from CIS Benchmark for PostgreSQL 11 | |