PPS9-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.

Information

Organizations are required to use a central log management system, so under normal conditions, the audit space allocated to the DBMS on its own server will not be an issue. However, space will still be required on the DBMS server for audit records in transit, and, under abnormal conditions, this could fill up. Since a requirement exists to halt processing upon audit failure, a service outage would result.

If support personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for storage capacity expansion.

The appropriate support staff include, at a minimum, the ISSO and the DBA/SA.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install PEM and configure a probe to monitor '<postgresql data directory>' and notify appropriate support staff upon storage volume utilization reaching 75 percent.

(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

Example steps for creating a probe are below, using the thin client (browser) PEM interface. Refer also to the Supplemental Procedures document, supplied with this STIG.

Open the PEM web console in a browser

- Log in
- Click on the agent for the machine to be monitored
- Select 'Management | Probe Configuration'
- Select 'Disk Space' and set the check interval as you like
- Select 'Management | Alerting'
- Name the definition 'Audit Log Full'
- Select Template 'Disk Consumption Percentage'
- Set Frequency, Comparison Operator, and Thresholds (1 minute, >,
95/96/97 for example)
- Enter the Mount Point for where the audit log is
- Click Notification tab
- Click Email all alerts
- Click 'Execute Script' on Monitored Server
- Enter script to showdown postgres, generally 'service ppas-95 stop'
- Click Add/Change to save, click 'OK' to exit dialog box

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_EDB_PGS_Advanced_Server_v9-6_V2R3_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5(1), CAT|II, CCI|CCI-001855, Rule-ID|SV-213623r879732_rule, STIG-ID|PPS9-00-008000, STIG-Legacy|SV-83603, STIG-Legacy|V-68999, Vuln-ID|V-213623

Plugin: Unix

Control ID: 882d68d3fff2496b8f36a0773334476035983eeeb628d120765a0105b849c7e5