1.1 Ensure packages are obtained from authorized repositories | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2 Install only required packages | CONFIGURATION MANAGEMENT |
1.3 Ensure systemd Service Files Are Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
1.4 Ensure Data Cluster Initialized Successfully | ACCESS CONTROL, MEDIA PROTECTION |
1.6 Verify That 'PGPASSWORD' is Not Set in Users' Profiles | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
1.7 Verify That the 'PGPASSWORD' Environment Variable is Not in Use | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.1 Ensure the file permissions mask is correct | ACCESS CONTROL, MEDIA PROTECTION |
2.2 Ensure extension directory has appropriate ownership and permissions | ACCESS CONTROL, MEDIA PROTECTION |
2.3 Disable PostgreSQL Command History | MEDIA PROTECTION |
2.4 Ensure Passwords are Not Stored in the service file | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.1 Ensure Interactive Login is Disabled | ACCESS CONTROL |
4.2 Ensure sudo is configured correctly | ACCESS CONTROL |
5.3 Ensure login via 'local' UNIX Domain Socket is configured correctly | IDENTIFICATION AND AUTHENTICATION |
5.4 Ensure login via 'host' TCP/IP Socket is configured correctly | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.10 Ensure Weak SSL/TLS Ciphers Are Disabled | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
8.2 Ensure the backup and restore tool, 'pgBackRest', is installed and configured | CONTINGENCY PLANNING |
CIS_PostgreSQL_13_v1.2.0_L1_OS_Linux.audit from CIS PostgreSQL 13 Benchmark v1.2.0 | |