CIS PostgreSQL 14 OS v 1.2.0

Audit Details

Name: CIS PostgreSQL 14 OS v 1.2.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 18

File Details

Filename: CIS_PostgreSQL_14_v1.2.0_L1_OS_Linux.audit

Size: 55.6 kB

MD5: 56b9931520b25b10a0f8963ce2e02321
SHA256: 423f09cf2f49ca074238e91fddef96d855d40591476ac83f30aa87cc96d44194

Audit Items

DescriptionCategories
1.1 Ensure packages are obtained from authorized repositories

CONFIGURATION MANAGEMENT, MAINTENANCE

1.3 Ensure systemd Service Files Are Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.4 Ensure Data Cluster Initialized Successfully

ACCESS CONTROL, MEDIA PROTECTION

1.6 Verify That 'PGPASSWORD' is Not Set in Users' Profiles

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.7 Verify That the 'PGPASSWORD' Environment Variable is Not in Use

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Ensure the file permissions mask is correct

ACCESS CONTROL, MEDIA PROTECTION

2.2 Ensure extension directory has appropriate ownership and permissions

ACCESS CONTROL, MEDIA PROTECTION

2.3 Disable PostgreSQL Command History

MEDIA PROTECTION

2.4 Ensure Passwords are Not Stored in the service file

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1 Ensure Interactive Login is Disabled

ACCESS CONTROL

4.2 Ensure sudo is configured correctly

ACCESS CONTROL

5.1 Do Not Specify Passwords in the Command Line

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Ensure login via 'local' UNIX Domain Socket is configured correctly

IDENTIFICATION AND AUTHENTICATION

5.4 Ensure login via 'host' TCP/IP Socket is configured correctly

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.10 Ensure Weak SSL/TLS Ciphers Are Disabled

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2 Ensure the backup and restore tool, 'pgBackRest', is installed and configured

CONTINGENCY PLANNING

CIS_PostgreSQL_14_v 1.2.0_L1_OS_Linux.audit from CIS PostgreSQL 14 Benchmark v 1.2.0