VCPG-67-000001 - VMware Postgres must limit the number of connections.

Information

Database management includes the ability to control the number of users and user sessions utilizing a DBMS. Unlimited concurrent connections to the DBMS could allow a successful denial-of-service (DoS) attack by exhausting connection resources, and a system can also fail or be degraded by an overload of legitimate users. Limiting the number of concurrent sessions per user is helpful in reducing these risks.

VMware Postgres as deployed on the VCSA comes preconfigured with a max_connections limit that is appropriate for all tested, supported scenarios. The out-of-the-box configuration is dynamic, based on a lower limit plus allowances for the resources assigned to VCSA and the deployment size. However, this number will always be between 100 and 1000 (inclusive).

Solution

At the command prompt, execute the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c 'ALTER SYSTEM SET max_connections TO '345';'

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c 'SELECT pg_reload_conf();'

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-10, CAT|II, CCI|CCI-000054, Rule-ID|SV-239196r879511_rule, STIG-ID|VCPG-67-000001, Vuln-ID|V-239196

Plugin: Unix

Control ID: 5b763aa44f57ceeedc9f60ffdb7e2d06f14da0a97b7352289dcc51b5cc1e47b3