Rule ID
SV-261865r1000600_rule
Version
V1R2
CCIs
CCI-001464
Session auditing is for use when a user's activities are under investigation. To ensure the capture of all activity during those periods when session auditing is in use, it needs to be in operation for the whole time PostgreSQL is running.
As the database administrator (shown here as "postgres"), check the current settings by running the following SQL: $ sudo su - postgres $ psql -c "SHOW shared_preload_libraries" If pgaudit is not in the current setting, this is a finding. As the database administrator (shown here as "postgres"), check the current settings by running the following SQL: $ psql -c "SHOW log_destination" If stderr or syslog are not in the current setting, this is a finding.
Configure PostgreSQL to enable auditing. To ensure logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging. For session logging, using pgaudit is recommended. For instructions on how to setup pgaudit, refer to supplementary content APPENDIX-B.