1.2 Install only required packages

Information

Depending on the distribution, several other packages next to the mandatory postgresql might have been installed upon a system. Typical add-on packages are:

postgresql-doc: PostgreSQL documentation.

phppgadmin: PostgreSQL web-based administration tool.

...

Rationale:

Unused packages can increase the potential attack surface of the system.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Examine the installed packages:

Debian: dpkg -l $(apt-cache search postgresql --names-only| awk '{print $1}') 2>&1 | grep -v 'no packages found'

RHEL: rpm -q $(dnf search postgresql | cut -d: -f1 | cut -d. -f1) 2>&1 | grep -Ev 'package.*is not installed'

Remove any identified packages that are undesired:

Debian: apt purge <pkg>

RHEL: dnf erase <pkg>

See Also

https://workbench.cisecurity.org/benchmarks/17003

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7

Plugin: Unix

Control ID: f6552b2387f1a73bce3c44a19b7b6ddb24bdf7a8a7adfe25af102cff12f3cb39