PGS9-00-008600 - PostgreSQL must initiate session auditing upon startup.

Information

Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation for the whole time PostgreSQL is running.

Solution

Configure PostgreSQL to enable auditing.

To ensure that logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging.

For session logging we suggest using pgaudit. For instructions on how to setup pgaudit, see supplementary content APPENDIX-B.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_PGS_SQL_9-x_V2R5_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-14(1), CAT|II, CCI|CCI-001464, Rule-ID|SV-214123r960888_rule, STIG-ID|PGS9-00-008600, STIG-Legacy|SV-87653, STIG-Legacy|V-73001, Vuln-ID|V-214123

Plugin: PostgreSQLDB

Control ID: a521971d9de630af29af3aebb78744f50f238b1e785a9a1e32d213dcb2305dc1