STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

V-256606

CAT II (Medium)

VMware Postgres must provide nonprivileged users with minimal error information.

Rule ID

SV-256606r887604_rule

STIG

VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001312CCI-001314

Discussion

Any database management system (DBMS) or associated application providing too much information in error messages on the screen or printout risks compromising the data and security of the system. The structure and content of error messages must contain the minimal amount of information. Databases can inadvertently provide a wealth of information to an attacker through improperly handled error messages. In addition to sensitive business or personal information, database errors can provide host names, IP addresses, user names, and other system information not required for troubleshooting but very useful to someone targeting the system. Satisfies: SRG-APP-000266-DB-000162, SRG-APP-000267-DB-000163

Check Content

At the command prompt, run the following command:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -A -t -c "SHOW client_min_messages;"

Expected result:

notice

If the output does not match the expected result, this is a finding.

Fix Text

At the command prompt, run the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET client_min_messages TO 'notice';"

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();"