VCPG-67-000004 - VMware Postgres must be configured to overwrite older logs when necessary.

Gavin M. Dennis

22 April 2022 15:06

Details

Without proper configuration, log files for VMware Postgres can grow without bound, filling the partition and potentially affecting the availability of the VCSA. One part of this configuration is to ensure that the logging subsystem overwrites, rather than appending to, any previous logs that would share the same name. This is avoided in other configuration steps, but this best practice should also be followed.

Solution

At the command prompt, execute the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c 'ALTER SYSTEM SET log_truncate_on_rotation TO 'on';'

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c 'SELECT pg_reload_conf();'

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

800-53|AU-5b.
CAT|II
CCI|CCI-000140
Rule-ID|SV-239199r717051_rule
STIG-ID|VCPG-67-000004
Vuln-ID|V-239199

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section