The vCenter PostgreSQL service must log all connection attempts.
An XCCDF Rule
Description
For completeness of forensic analysis, it is necessary to track successful and failed attempts to log on to PostgreSQL. Setting "log_connections" to "on" will cause each attempted connection to the server to be logged, as well as successful completion of client authentication.
Satisfies: SRG-APP-000503-DB-000350, SRG-APP-000503-DB-000351, SRG-APP-000506-DB-000353, SRG-APP-000508-DB-000358
- ID: SV-259183r961824_rule
- Version: VCPG-80-000110
- Severity: Medium
Remediation Templates
A Manual Procedure
A script is included with vCenter to generate a PostgreSQL STIG configuration.
At the command prompt, run the following commands:
# chmod +x /opt/vmware/vpostgres/current/bin/vmw_vpg_config/vmw_vpg_config.py
# /opt/vmware/vpostgres/current/bin/vmw_vpg_config/vmw_vpg_config.py --action stig_enable --pg-data-dir /storage/db/vpostgres
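To confirm the setting after remediation, the following added example (not part of the STIG or of vCenter's tooling) reports the effective "log_connections" value from PostgreSQL configuration files. The function name is hypothetical, and it assumes the configuration lives in postgresql.conf and postgresql.auto.conf under the data directory used above.

```shell
#!/bin/sh
# Added example, not part of the STIG or of vCenter.
# Prints "on" or "off": the effective log_connections value across the given
# PostgreSQL config files. Files are read in order and the last active
# assignment wins, so pass postgresql.conf before postgresql.auto.conf.
# Limitation: include directives inside the files are not followed.
effective_log_connections() {
    awk -v q="'" '
    {
        line = $0
        sub(/#.*/, "", line)                     # commented-out settings do not count
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        if (!match(line, /^[A-Za-z_][A-Za-z0-9_.]*/)) next
        if (tolower(substr(line, 1, RLENGTH)) != "log_connections") next
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)          # "=" is optional in postgresql.conf
        gsub(q, "", val)                         # values may be single-quoted
        value = tolower(val)
    }
    END {
        # Boolean spellings PostgreSQL treats as true; an unset value defaults to off.
        if (value ~ /^(on|1|t|tr|tru|true|y|ye|yes)$/) print "on"
        else print "off"
    }' "$@"
}

# Constructed sample config: a commented-out line, an "off", then a later "on".
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
#log_connections = on
log_connections = off
log_connections = 'on'   # later assignment overrides the earlier one
EOF
    effective_log_connections "$conf"
    rm -f "$conf"
}
demo
```

On the appliance this would be called as: effective_log_connections /storage/db/vpostgres/postgresql.conf /storage/db/vpostgres/postgresql.auto.conf (file names assumed, as noted above). A result of "off" means connection attempts are not being logged.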