EP11-00-012200 - The EDB Postgres Advanced Server must generate audit records showing starting and ending time for user access to the database(s) and concurrent logons/connections by the same user from different workstations - edb_audit_disconnect

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

For completeness of forensic analysis, it is necessary to know how long a user's (or other principal's) connection to the DBMS lasts. This can be achieved by recording disconnections, in addition to logons/connections, in the audit logs.

Disconnection may be initiated by the user or forced by the system (as in a timeout) or result from a system or network failure. To the greatest extent possible, all disconnections must be logged.

Concurrent connections by the same user from multiple workstations may be valid use of the system; or such connections may be due to improper circumvention of the requirement to use the CAC for authentication; or they may indicate unauthorized account sharing; or they may be because an account has been compromised.

(If the fact of multiple, concurrent logons by a given user can be reliably reconstructed from the log entries for other events [logons/connections; voluntary and involuntary disconnections], then it is not mandatory to create additional log entries specifically for this.)

Satisfies: SRG-APP-000505-DB-000352,SRG-APP-000506-DB-000353

Solution

Execute the following SQL as enterprisedb:

ALTER SYSTEM SET edb_audit_connect = 'all';
ALTER SYSTEM SET edb_audit_disconnect = 'all';
SELECT pg_reload_conf();

or

Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_EDB_PGS_Advanced_Server_v11_Windows_V2R2_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000172, Rule-ID|SV-224235r508023_rule, STIG-ID|EP11-00-012200, STIG-Legacy|SV-109597, STIG-Legacy|V-100493, Vuln-ID|V-224235

Plugin: PostgreSQLDB

Control ID: 06f9f3ffc09790d7f87f562f1e58255e143a34d0eab60baa6e9d7e18b87516f4