EP11-00-011800 - The EDB Postgres Advanced Server must generate audit records when successful/unsuccessful logons, connections, or connection attempts occur.

Information

For completeness of forensic analysis, it is necessary to track who/what (a user or other principal) logs on to the DBMS.

It is also necessary to track failed attempts to log on to the DBMS. While positive identification may not be possible in a case of failed authentication, as much information as possible about the incident must be captured.

Satisfies: SRG-APP-000503-DB-000350,SRG-APP-000503-DB-000351

Solution

Execute the following SQL as enterprisedb:

ALTER SYSTEM SET edb_audit_connect = 'all';
SELECT pg_reload_conf();

or

Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_EDB_PGS_Advanced_Server_v11_Windows_V2R4_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c., CAT|II, CCI|CCI-000172, Rule-ID|SV-224232r961824_rule, STIG-ID|EP11-00-011800, STIG-Legacy|SV-109589, STIG-Legacy|V-100485, Vuln-ID|V-224232

Plugin: PostgreSQLDB

Control ID: bb9b9c02239587b034f0db06153203667df0840e216ea8dbcfa369d95da31bd1