Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
As an embedded database that is only accessible via localhost, VMware Postgres on the VCSA does not implement robust auditing. However, it can and must be configured to log reasonable levels of information relating to user actions to enable proper troubleshooting.
Satisfies: SRG-APP-000089-DB-000064, SRG-APP-000095-DB-000039, SRG-APP-000096-DB-000040, SRG-APP-000097-DB-000041, SRG-APP-000098-DB-000042, SRG-APP-000099-DB-000043, SRG-APP-000100-DB-000201, SRG-APP-000101-DB-000044, SRG-APP-000375-DB-000323
At the command prompt, execute the following commands:
# /opt/vmware/vpostgres/current/bin/psql -U postgres -c 'ALTER SYSTEM SET log_line_prefix TO '%m %c %x %d %u %r %p %l ';'
# /opt/vmware/vpostgres/current/bin/psql -U postgres -c 'SELECT pg_reload_conf();'
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.