Details
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
As an embedded database that is only accessible via localhost, VMware Postgres on the VCSA does not implement robust auditing. However, it can and must be configured to log reasonable levels of information relating to user actions to enable proper troubleshooting.
Satisfies: SRG-APP-000089-DB-000064, SRG-APP-000095-DB-000039, SRG-APP-000096-DB-000040, SRG-APP-000097-DB-000041, SRG-APP-000098-DB-000042, SRG-APP-000099-DB-000043, SRG-APP-000100-DB-000201, SRG-APP-000101-DB-000044, SRG-APP-000375-DB-000323
Solution
At the command prompt, execute the following commands:
# /opt/vmware/vpostgres/current/bin/psql -U postgres -c 'ALTER SYSTEM SET log_line_prefix TO '%m %c %x %d %u %r %p %l ';'
# /opt/vmware/vpostgres/current/bin/psql -U postgres -c 'SELECT pg_reload_conf();'
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.
References
- 800-53|AU-12a.
- CAT|II
- CCI|CCI-000169
- Rule-ID|SV-239197r717050_rule
- STIG-ID|VCPG-67-000002
- Vuln-ID|V-239197
Comments
Please sign in to leave a comment.