CIS PostgreSQL 13 OS v1.2.0

Audit Details

Name: CIS PostgreSQL 13 OS v1.2.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 18

File Details

Filename: CIS_PostgreSQL_13_v1.2.0_L1_OS_Linux.audit

Size: 54.4 kB

MD5: dea13f3b19c4d60f88c06656bcf3ba35
SHA256: f8c50881e214bc543a402fa15116990ff1b7442864a2801a15e555a569e930f1

Audit Items

DescriptionCategories
1.1 Ensure packages are obtained from authorized repositories

CONFIGURATION MANAGEMENT, MAINTENANCE

1.2 Install only required packages

CONFIGURATION MANAGEMENT

1.3 Ensure systemd Service Files Are Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.4 Ensure Data Cluster Initialized Successfully

ACCESS CONTROL, MEDIA PROTECTION

1.6 Verify That 'PGPASSWORD' is Not Set in Users' Profiles

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.7 Verify That the 'PGPASSWORD' Environment Variable is Not in Use

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Ensure the file permissions mask is correct

ACCESS CONTROL, MEDIA PROTECTION

2.2 Ensure extension directory has appropriate ownership and permissions

ACCESS CONTROL, MEDIA PROTECTION

2.3 Disable PostgreSQL Command History

MEDIA PROTECTION

2.4 Ensure Passwords are Not Stored in the service file

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1 Ensure Interactive Login is Disabled

ACCESS CONTROL

4.2 Ensure sudo is configured correctly

ACCESS CONTROL

5.3 Ensure login via 'local' UNIX Domain Socket is configured correctly

IDENTIFICATION AND AUTHENTICATION

5.4 Ensure login via 'host' TCP/IP Socket is configured correctly

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.10 Ensure Weak SSL/TLS Ciphers Are Disabled

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2 Ensure the backup and restore tool, 'pgBackRest', is installed and configured

CONTINGENCY PLANNING

CIS_PostgreSQL_13_v1.2.0_L1_OS_Linux.audit from CIS PostgreSQL 13 Benchmark v1.2.0