1.2 Install only required packages

Information

Depending on the distribution, several other packages next to the mandatory postgresql might have been installed upon a system. Typical add-on packages are:

postgresql-doc: PostgreSQL documentation.

phppgadmin: PostgreSQL web-based administration tool.

...

Rationale:

Unused packages can increase the potential attack surface of the system.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Examine the installed packages:

Debian: dpkg -l $(apt-cache search postgresql --names-only| awk '{print $1}') 2>&1 | grep -v 'no packages found'

RHEL: rpm -q $(dnf search postgresql | cut -d: -f1 | cut -d. -f1) 2>&1 | grep -Ev 'package.*is not installed'

Remove any identified packages that are undesired:

Debian: apt purge <pkg>

RHEL: dnf erase <pkg>

See Also

https://workbench.cisecurity.org/benchmarks/17004

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7

Plugin: PostgreSQLDB

Control ID: 8fd2a36d453e8a89ccf2966092bb14b93056c95e569a78ce0ffa773771aa4e51