PostgreSQL must initiate session auditing upon startup.
An XCCDF Rule
Description
<VulnDiscussion>Session auditing is for use when a user's activities are under investigation. To ensure the capture of all activity during those periods when session auditing is in use, it needs to be in operation for the whole time PostgreSQL is running.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-261865r1000600_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure PostgreSQL to enable auditing.
To ensure logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging.
For session logging, using pgaudit is recommended. For instructions on how to setup pgaudit, refer to supplementary content APPENDIX-B.