Information
A 'base backup' is a copy of the PRIMARY host's data cluster ($PGDATA) and is used to create STANDBY hosts and for Point In Time Recovery (PITR) mechanisms. Base backups should be copied across networks in a secure manner using an encrypted transport mechanism. The PostgreSQL CLI pg_basebackup can be used, however, TLS encryption should be enabled on the server as per section 6.8 of this benchmark. The pgBackRest tool detailed in section 8.3 of this benchmark can also be used to create a 'base backup'.
Rationale:
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Executing base backups using pg_basebackup requires the following steps on the standby server:
$ whoami
postgres
$ pg_basebackup --host=name_or_IP_of_master \
--port=5432 \
--username=replication_user \
--pgdata=~postgres/12/data \
--progress --verbose --write-recovery-conf --wal-method=stream