PGS9-00-005200 - PostgreSQL must generate audit records when security objects are deleted.

Information

The removal of security objects from the database/PostgreSQL would seriously degrade a system's information assurance posture. If such an event occurs, it must be logged.

Solution

Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.

Using pgaudit PostgreSQL can be configured to audit these requests. See supplementary content APPENDIX-B for documentation on installing pgaudit.

With pgaudit installed the following configurations can be made:

$ sudo su - postgres
$ vi ${PGDATA?}/postgresql.conf

Add the following parameters (or edit existing parameters):

pgaudit.log = 'ddl'

Now, as the system administrator, reload the server with the new configuration:

# SYSTEMD SERVER ONLY
$ sudo systemctl reload postgresql-${PGVER?}

# INITD SERVER ONLY
$ sudo service postgresql-${PGVER?} reload

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_PGS_SQL_9-x_V2R5_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c., CAT|II, CCI|CCI-000172, Rule-ID|SV-214093r961818_rule, STIG-ID|PGS9-00-005200, STIG-Legacy|SV-87591, STIG-Legacy|V-72939, Vuln-ID|V-214093

Plugin: PostgreSQLDB

Control ID: 8615d45574a8706be753027a6c2097905c3b932be3660b43ff21d71129adb05d