CIS PostgreSQL 13 DB v1.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS PostgreSQL 13 DB v1.1.0

Updated: 6/17/2024

Authority: CIS

Plugin: PostgreSQLDB

Revision: 1.2

Estimated Item Count: 55

File Details

Filename: CIS_PostgreSQL_13_v1.1.0_L1_Database.audit

Size: 116 kB

MD5: 372a2fa1b7ba227928a6fe51cc19553e
SHA256: 6e76ac39f09073cddc762bc1a186b8b5b784d675a878376e1e00d5438a2329bb

Audit Items

Description | Categories
3.1.2 Ensure the log destinations are set correctly
3.1.3 Ensure the logging collector is enabled
3.1.4 Ensure the log file destination directory is set correctly
3.1.5 Ensure the filename pattern for log files is set correctly
3.1.6 Ensure the log file permissions are set correctly
3.1.7 Ensure 'log_truncate_on_rotation' is enabled
3.1.8 Ensure the maximum log file lifetime is set correctly
3.1.9 Ensure the maximum log file size is set correctly
3.1.10 Ensure the correct syslog facility is selected
3.1.11 Ensure syslog messages are not suppressed
3.1.12 Ensure syslog messages are not lost due to size
3.1.13 Ensure the program name for PostgreSQL syslog messages is correct
3.1.14 Ensure the correct messages are written to the server log
3.1.15 Ensure the correct SQL statements generating errors are recorded
3.1.16 Ensure 'debug_print_parse' is disabled - debug_print_parse is disabled
3.1.17 Ensure 'debug_print_rewritten' is disabled - debug_print_rewritten is disabled
3.1.18 Ensure 'debug_print_plan' is disabled - debug_print_plan is disabled
3.1.19 Ensure 'debug_pretty_print' is enabled - debug_pretty_print is enabled
3.1.20 Ensure 'log_connections' is enabled - log_connections is enabled
3.1.21 Ensure 'log_disconnections' is enabled - log_disconnections is enabled
3.1.22 Ensure 'log_error_verbosity' is set correctly - log_error_verbosity is set correctly
3.1.23 Ensure 'log_hostname' is set correctly - log_hostname is set correctly
3.1.24 Ensure 'log_line_prefix' is set correctly - log_line_prefix is set correctly
3.1.25 Ensure 'log_statement' is set correctly - log_statement is set correctly
3.1.26 Ensure 'log_timezone' is set correctly - log_timezone is set correctly
3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - pgaudit installed
3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - show pgaudit.log
4.2 Ensure excessive administrative privileges are revoked
4.3 Ensure excessive function privileges are revoked
4.4 Ensure excessive DML privileges are revoked
4.5 Ensure Row Level Security (RLS) is configured correctly - RLS is configured correctly
4.6 Ensure the set_user extension is installed
4.7 Make use of predefined roles
6.1 Understanding attack vectors and runtime parameters
6.2 Ensure 'backend' runtime parameters are configured correctly - ignore_system_indexes
6.2 Ensure 'backend' runtime parameters are configured correctly - jit_debugging_support
6.2 Ensure 'backend' runtime parameters are configured correctly - jit_profiling_support
6.2 Ensure 'backend' runtime parameters are configured correctly - log_connections
6.2 Ensure 'backend' runtime parameters are configured correctly - log_disconnections
6.2 Ensure 'backend' runtime parameters are configured correctly - post_auth_delay
6.3 Ensure 'Postmaster' Runtime Parameters are Configured
6.4 Ensure 'SIGHUP' Runtime Parameters are Configured
6.5 Ensure 'Superuser' Runtime Parameters are Configured
6.6 Ensure 'User' Runtime Parameters are Configured
6.8 Ensure TLS is enabled and configured correctly
6.9 Ensure the pgcrypto extension is installed and configured correctly
7.1 Ensure a replication-only user is created and used for streaming replication
7.2 Ensure logging of replication commands is configured
7.3 Ensure base backups are configured and functional
7.4 Ensure WAL archiving is configured and functional - archive_command