VMW vRealize Automation 7.x PostgreSQL Security Technical Implementation Guide

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]

Details

Version / Release: V1R1

Published: 2018-10-12

Updated At: 2018-11-03 10:31:15

Actions

Download

Filter


Findings
Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-99977r1_rule VRAU-PG-000020 CCI-000169 MEDIUM vRA PostgreSQL database log file data must contain required data elements. Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the
    SV-99979r1_rule VRAU-PG-000025 CCI-000171 MEDIUM The vRA PostgreSQL configuration file must not be accessible by unauthorized users. Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent or interfere with the auditing of critical events. Suppression of auditing could permit an adversary to evad
    SV-99981r1_rule VRAU-PG-000030 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Under some circumstances, it may be useful to monitor who/what is reading privilege/permission/role information. Therefore, it must be possible to configure auditing to do this. DBMSs typically make such information available through views or functions.
    SV-99983r1_rule VRAU-PG-000040 CCI-001464 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation for the whole time the DBMS is running.
    SV-99985r1_rule VRAU-PG-000045 CCI-001462 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Without the capability to capture, record, and log all content related to a user session, investigations into suspicious user activity would be hampered. Typically, this DBMS capability would be used in conjunction with comparable monitoring of a user's
    SV-99987r1_rule VRAU-PG-000050 CCI-000130 MEDIUM vRA PostgreSQL database log file data must contain required data elements. Information system auditing capability is critical for accurate forensic analysis. Without establishing what type of event occurred, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those respon
    SV-99989r1_rule VRAU-PG-000055 CCI-000131 MEDIUM vRA PostgreSQL database log file data must contain required data elements. Information system auditing capability is critical for accurate forensic analysis. Without establishing when events occurred, it is impossible to establish, correlate, and investigate the events relating to an incident. In order to compile an accurate ri
    SV-99991r1_rule VRAU-PG-000060 CCI-000132 MEDIUM vRA PostgreSQL database log file data must contain required data elements. Information system auditing capability is critical for accurate forensic analysis. Without establishing where events occurred, it is impossible to establish, correlate, and investigate the events relating to an incident. In order to compile an accurate r
    SV-99993r1_rule VRAU-PG-000065 CCI-000133 MEDIUM vRA PostgreSQL database log file data must contain required data elements. Information system auditing capability is critical for accurate forensic analysis. Without establishing the source of the event, it is impossible to establish, correlate, and investigate the events relating to an incident. In order to compile an accurate
    SV-99995r1_rule VRAU-PG-000070 CCI-000134 MEDIUM vRA PostgreSQL database log file data must contain required data elements. Information system auditing capability is critical for accurate forensic analysis. Without information about the outcome of events, security personnel cannot make an accurate assessment as to whether an attack was successful or if changes were made to the
    SV-99997r1_rule VRAU-PG-000075 CCI-001487 MEDIUM vRA PostgreSQL database log file data must contain required data elements. Information system auditing capability is critical for accurate forensic analysis. Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot
    SV-99999r1_rule VRAU-PG-000080 CCI-000135 MEDIUM vRA PostgreSQL database log file data must contain required data elements. Information system auditing capability is critical for accurate forensic analysis. Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. To support analysis, some types of events will nee
    SV-100001r1_rule VRAU-PG-000085 CCI-000140 LOW vRA PostgreSQL database must have log_truncate_on_rotation enabled. It is critical that when the DBMS is at risk of failing to process audit logs as required, it take action to mitigate the failure. Audit processing failures include: software/hardware errors; failures in the audit capturing mechanisms; and audit storage c
    SV-100003r1_rule VRAU-PG-000095 CCI-000162 MEDIUM The vRA PostgreSQL database must have the correct permissions on the log files. If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. In addition, access to audit records provides information an
    SV-100005r1_rule VRAU-PG-000100 CCI-000163 MEDIUM The vRA PostgreSQL database must have the correct ownership on the log files. If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of audit data the information system and/or the applica
    SV-100007r1_rule VRAU-PG-000105 CCI-000164 MEDIUM The vRA PostgreSQL database must have the correct group-ownership on the log files. If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of audit data, the information system and/or the applica
    SV-100009r1_rule VRAU-PG-000110 CCI-001493 MEDIUM The vRA PostgreSQL configuration files must have the correct permissions. Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may provide the only means to manipulate and manage applicatio
    SV-100011r1_rule VRAU-PG-000115 CCI-001494 MEDIUM The vRA PostgreSQL configuration files must have the correct ownership. Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit data. Applications providing tools to interface with
    SV-100013r1_rule VRAU-PG-000120 CCI-001495 MEDIUM The vRA PostgreSQL configuration files must have the correct group-ownership. Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit data. Applications providing tools to interface with
    SV-100015r1_rule VRAU-PG-000135 CCI-001499 MEDIUM vRA PostgreSQL database objects must only be accessible to the postgres account. Within the database, object ownership implies full privileges to the owned object, including the privilege to assign access to the owned objects to other subjects. Database functions and procedures can be coded using definer's rights. This allows anyone w
    SV-100017r1_rule VRAU-PG-000140 CCI-001499 MEDIUM The vRA PostgreSQL database must limit modify privileges to authorized accounts. If the DBMS were to allow any user to make changes to database structure or logic, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process. Accordingly, only qua
    SV-100019r1_rule VRAU-PG-000145 CCI-000381 MEDIUM The vRA PostgreSQL database must not contain sample data. Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions). It is det
    SV-100021r1_rule VRAU-PG-000160 CCI-000764 MEDIUM The vRA PostgreSQL database must be limited to authorized accounts. To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. Organizational users include organizational employees or individuals the org
    SV-100023r1_rule VRAU-PG-000165 CCI-000196 MEDIUM The vRA PostgreSQL database must use md5 for authentication. The DoD standard for authentication is DoD-approved PKI certificates. Authentication based on User ID and Password may be used only when it is not possible to employ a PKI certificate, and requires AO approval. In such cases, database passwords stored i
    SV-100025r1_rule VRAU-PG-000170 CCI-000197 MEDIUM The vRA PostgreSQL database must be configured to use ssl. The DoD standard for authentication is DoD-approved PKI certificates. Authentication based on User ID and Password may be used only when it is not possible to employ a PKI certificate, and requires AO approval. In such cases, passwords need to be protec
    SV-100027r1_rule VRAU-PG-000210 CCI-001665 MEDIUM The vRA PostgreSQL database must complete writing log entries prior to returning results. Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of th
    SV-100029r1_rule VRAU-PG-000215 CCI-001084 MEDIUM The vRA PostgreSQL must not allow access to unauthorized accounts. An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform security functions. Security functions are the hardware, software, and/or firmware of the information system responsible for en
    SV-100031r1_rule VRAU-PG-000220 CCI-001090 MEDIUM Data from the vRA PostgreSQL database must be protected from unauthorized transfer. Applications, including DBMSs, must prevent unauthorized and unintended information transfer via shared system resources. Data used for the development and testing of applications often involves copying data from production. It is important that specifi
    SV-100033r1_rule VRAU-PG-000250 CCI-001314 MEDIUM The vRA PostgreSQL error file must be protected from unauthorized access. If the DBMS provides too much information in error logs and administrative messages to the screen, this could lead to compromise. The structure and content of error messages need to be carefully considered by the organization and development team. The ext
    SV-100035r1_rule VRAU-PG-000280 CCI-001844 MEDIUM The vRA PostgreSQL database must have log collection enabled. Without the ability to centrally manage the content captured in the audit records, identification, troubleshooting, and correlation of suspicious behavior would be difficult and could lead to a delayed or incomplete analysis of an ongoing attack. The con
    SV-100037r1_rule VRAU-PG-000290 CCI-001855 MEDIUM The vRA PostgreSQL database must be configured to use a syslog facility. Organizations are required to use a central log management system, so, under normal conditions, the audit space allocated to the DBMS on its own server will not be an issue. However, space will still be required on the DBMS server for audit records in tra
    SV-100039r1_rule VRAU-PG-000295 CCI-001858 MEDIUM The vRA PostgreSQL database must be configured to use a syslog facility. It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability, and system operatio
    SV-100041r1_rule VRAU-PG-000300 CCI-001890 MEDIUM The vRA PostgreSQL database must use UTC for log timestamps. If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the DBMS must include date and time. Time is commonly expressed in Coordinated Universal Time (UTC),
    SV-100043r1_rule VRAU-PG-000305 CCI-001889 MEDIUM vRA PostgreSQL database log file data must contain required data elements. Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the DBMS must include date and time. Granularity of time measurements refers to the precision availabl
    SV-100045r1_rule VRAU-PG-000310 CCI-001813 MEDIUM The DBMS must enforce access restrictions associated with changes to the configuration of the DBMS or database(s). Failure to provide logical access restrictions associated with changes to configuration may have significant effects on the overall security of the system. When dealing with access restrictions pertaining to change control, it should be noted that any c
    SV-100047r1_rule VRAU-PG-000320 CCI-002754 MEDIUM vRA PostgreSQL database must be configured to validate character encoding to UTF-8. A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs, where information system responses to the invalid input may be disruptive or cau
    SV-100049r1_rule VRAU-PG-000330 CCI-002605 HIGH The vRA PostgreSQL database security updates and patches must be installed in a timely manner in accordance with site policy. Security flaws with software applications, including database management systems, are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any contract
    SV-100051r1_rule VRAU-PG-000335 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Changes to the security configuration must be tracked. This requirement applies to situations where security data is retrieved or modified via data manipulation operations, as opposed to via specialized security functionality. In an SQL environment, typ
    SV-100053r1_rule VRAU-PG-000340 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Changes to the security configuration must be tracked. This requirement applies to situations where security data is retrieved or modified via data manipulation operations, as opposed to via specialized security functionality. In an SQL environment, typ
    SV-100055r1_rule VRAU-PG-000355 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Changes in the permissions, privileges, and roles granted to users and roles must be tracked. Without an audit trail, unauthorized elevation or restriction of individuals' and groups' privileges could go undetected. Elevated privileges give users access t
    SV-100057r1_rule VRAU-PG-000360 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Failed attempts to change the permissions, privileges, and roles granted to users and roles must be tracked. Without an audit trail, unauthorized attempts to elevate or restrict individuals' and groups' privileges could go undetected. In an SQL environm
    SV-100059r1_rule VRAU-PG-000365 CCI-000172 MEDIUM The DBMS must generate audit records when privileges/permissions are modified. Changes in the permissions, privileges, and roles granted to users and roles must be tracked. Without an audit trail, unauthorized elevation or restriction of individuals' and groups' privileges could go undetected. Elevated privileges give users access t
    SV-100061r1_rule VRAU-PG-000370 CCI-000172 MEDIUM The DBMS must generate audit records when unsuccessful attempts to modify privileges/permissions occur. Failed attempts to change the permissions, privileges, and roles granted to users and roles must be tracked. Without an audit trail, unauthorized attempts to elevate or restrict individuals' and groups' privileges could go undetected. In PostgreSQL envi
    SV-100063r1_rule VRAU-PG-000375 CCI-000172 MEDIUM The DBMS must generate audit records when security objects are modified. Changes in the database objects (tables, views, procedures, functions) that record and control permissions, privileges, and roles granted to users and roles must be tracked. Without an audit trail, unauthorized changes to the security subsystem could go u
    SV-100065r1_rule VRAU-PG-000380 CCI-000172 MEDIUM The DBMS must generate audit records when unsuccessful attempts to modify security objects occur. Changes in the database objects (tables, views, procedures, functions) that record and control permissions, privileges, and roles granted to users and roles must be tracked. Without an audit trail, unauthorized changes to the security subsystem could go u
    SV-100067r1_rule VRAU-PG-000395 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Changes in the permissions, privileges, and roles granted to users and roles must be tracked. Without an audit trail, unauthorized elevation or restriction of individuals' and groups' privileges could go undetected. Elevated privileges give users access t
    SV-100069r1_rule VRAU-PG-000400 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Failed attempts to change the permissions, privileges, and roles granted to users and roles must be tracked. Without an audit trail, unauthorized attempts to elevate or restrict individuals' and groups' privileges could go undetected. In an SQL environm
    SV-100071r1_rule VRAU-PG-000405 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. The removal of security objects from the database/DBMS would seriously degrade a system's information assurance posture. If such an event occurs, it must be logged.
    SV-100073r1_rule VRAU-PG-000410 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. The removal of security objects from the database/DBMS would seriously degrade a system's information assurance posture. If such an action is attempted, it must be logged. To aid in diagnosis, it is necessary to keep track of failed attempts in addition
    SV-100075r1_rule VRAU-PG-000415 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Changes in categories of information must be tracked. Without an audit trail, unauthorized access to protected data could go undetected. For detailed information on categorizing information, refer to FIPS Publication 199, Standards for Security Categoriz
    SV-100077r1_rule VRAU-PG-000425 CCI-000172 MEDIUM The vRA PostgreSQL database must set log_connections to on. For completeness of forensic analysis, it is necessary to track who/what (a user or other principal) logs on to the DBMS.
    SV-100079r1_rule VRAU-PG-000430 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_min_messages to warning. For completeness of forensic analysis, it is necessary to track failed attempts to log on to the DBMS. While positive identification may not be possible in a case of failed authentication, as much information as possible about the incident must be capture
    SV-100081r1_rule VRAU-PG-000435 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Without tracking privileged activity, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. System documentation should include a definition of the functionality consider
    SV-100083r1_rule VRAU-PG-000440 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Without tracking privileged activity, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. System documentation should include a definition of the functionality consider
    SV-100085r1_rule VRAU-PG-000445 CCI-000172 MEDIUM The vRA PostgreSQL database must set log_connections to on. For completeness of forensic analysis, it is necessary to know how long a user's (or other principal's) connection to the DBMS lasts. This can be achieved by recording disconnections, in addition to logons/connections, in the audit logs. Disconnection m
    SV-100087r1_rule VRAU-PG-000450 CCI-000172 MEDIUM The vRA PostgreSQL database must set log_connections to on. For completeness of forensic analysis, it is necessary to track who logs on to the DBMS. Concurrent connections by the same user from multiple workstations may be valid use of the system; or such connections may be due to improper circumvention of the re
    SV-100089r1_rule VRAU-PG-000455 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Without tracking all or selected types of access to all or selected objects (tables, views, procedures, functions, etc.), it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for
    SV-100091r1_rule VRAU-PG-000460 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. Without tracking all or selected types of access to all or selected objects (tables, views, procedures, functions, etc.), it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for o
    SV-100093r1_rule VRAU-PG-000465 CCI-000172 MEDIUM The vRA PostgreSQL database must set the log_statement to all. In this context, direct access is any query, command, or call to the DBMS that comes from any source other than the application(s) that it supports. Examples would be the command line or a database management utility program. The intent is to capture all
    SV-100095r1_rule VRAU-PG-000470 CCI-002450 HIGH The vRA PostgreSQL database must use FIPS 140-2 ciphers. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides ass
    SV-100097r1_rule VRAU-PG-000475 CCI-002450 HIGH The vRA PostgreSQL database must use FIPS 140-2 ciphers. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides ass
    SV-100099r1_rule VRAU-PG-000480 CCI-002450 HIGH The vRA PostgreSQL database must use FIPS 140-2 ciphers. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides ass
    SV-100101r1_rule VRAU-PG-000485 CCI-001851 MEDIUM The vRA PostgreSQL database must be configured to use a syslog facility. Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. The DBMS may write audit records to database tables, to fil
    SV-100103r1_rule VRAU-PG-000490 CCI-000366 MEDIUM vRA PostgreSQL must have the latest approved security-relevant software updates installed. Configuring the DBMS to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture
    SV-100105r1_rule VRAU-PG-000505 CCI-000803 HIGH The DBMS must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. Use of weak or not validated cryptographic algorithms undermines the purposes of utilizing encryption and digital signatures to protect data. Weak algorithms can be easily broken and not validated cryptographic modules may not implement algorithms correc
    SV-100107r1_rule VRAU-PG-000560 CCI-000382 MEDIUM vRA Postgres must be configured to use the correct port. In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical po
    SV-100109r1_rule VRAU-PG-000595 CCI-001844 MEDIUM The vRA PostgreSQL database must have log collection enabled. If the configuration of the DBMS's auditing is spread across multiple locations in the database management software, or across multiple commands, only loosely related, it is harder to use and takes longer to reconfigure in response to events. The DBMS mu
    SV-100111r1_rule VRAU-PG-000605 CCI-001762 MEDIUM vRA Postgres must be configured to use the correct port. Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.
    SV-100113r1_rule VRAU-PG-000620 CCI-000054 MEDIUM vRA PostgreSQL must limit the number of connections. Database management includes the ability to control the number of users and user sessions utilizing a DBMS. Unlimited concurrent connections to the DBMS could allow a successful Denial of Service (DoS) attack by exhausting connection resources; and a syst