VCPG-67-000001 - VMware Postgres must limit the number of connections.

Details

Database management includes the ability to control the number of users and user sessions utilizing a DBMS. Unlimited concurrent connections to the DBMS could allow a successful denial-of-service (DoS) attack by exhausting connection resources, and a system can also fail or be degraded by an overload of legitimate users. Limiting the number of concurrent sessions per user is helpful in reducing these risks.



VMware Postgres as deployed on the VCSA comes preconfigured with a max_connections limit that is appropriate for all tested, supported scenarios. The out-of-the-box configuration is dynamic, based on a lower limit plus allowances for the resources assigned to VCSA and the deployment size. However, this number will always be between 100 and 1000 (inclusive).


Solution

At the command prompt, execute the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c 'ALTER SYSTEM SET max_connections TO '345';'

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c 'SELECT pg_reload_conf();'


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.


References


Source