← Back to EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide

V-213655

CAT II (Medium)

The EDB Postgres Advanced Server must generate audit records when successful logons or connections occur.

Rule ID

SV-213655r879874_rule

STIG

EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000172

Discussion

For completeness of forensic analysis, it is necessary to track who/what (a user or other principal) logs on to the DBMS.

Check Content

Execute the following SQL as enterprisedb:
	
SHOW edb_audit_connect;
	
If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.

Fix Text

Execute the following SQL as enterprisedb:
	
SHOW edb_audit_connect;
	
If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.
	
Fix Text: Execute the following SQL as enterprisedb:
	
ALTER SYSTEM SET edb_audit_connect = 'all';
ALTER SYSTEM SET edb_audit_disconnect = 'all';
SELECT pg_reload_conf();   
	
or
	
Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.