2.4 Ensure Passwords are Not Stored in the service file

Information

One can set a password in a PostgreSQL connection service file. Verify the password option is not used in a connection service file.

Rationale:

Using the password parameter may negatively impact the confidentiality of the user's password.

Impact:

The global configuration is by default readable for all users on the system.

This is needed for global defaults (prompt, port, socket, etc.).

If a password is present in this file, then all users on the system may be able to access it.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Delete every password entry in the file(s) previously identified.

See Also

https://workbench.cisecurity.org/benchmarks/17004

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|IA-5(1), 800-53|SC-28, 800-53|SC-28(1)

Plugin: Unix

Control ID: 0b2c6194acafcfe7faf86307a36a4ac5998f41d77b6b0a50ede8b9f71aaf6b8a