Ensure WAL archiving is configured and functional – archive_mode

Details

Write Ahead Log (WAL) archiving, or log shipping, is the process of sending transaction log files from the PRIMARY host either to one or more STANDBY hosts or to a remote storage device, where they are archived for later use, e.g. point-in-time recovery (PITR). Several utilities can copy WALs, including, but not limited to, cp, scp, sftp, and rsync. The server follows a set of runtime parameters that define when a WAL file is copied using one of these utilities.

Rationale:

Unless the server has been correctly configured, one runs the risk of sending WALs in an unsecured, unencrypted fashion.

Solution

Change parameters and restart the server as required.

Note: SSH public keys must be generated and installed as per industry standards.
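
The parameters involved can be checked offline before the restart. The following is an added example, not part of the benchmark text or of PostgreSQL's own tooling: it reads `archive_mode` and `archive_command` from a `postgresql.conf`-style file and flags a disabled archiver or a cleartext transport. The sample files, host names and the PASS/FAIL/REVIEW classification are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: offline audit of archive_* settings in a postgresql.conf.
# The transport classification is a heuristic assumed for this example.

# Print the effective value of parameter $2 in file $1 (last assignment wins).
# Strips a trailing "# comment" and surrounding single quotes.
pg_conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=\{0,1\}[[:space:]]*//p" "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e "s/^'\(.*\)'$/\1/"
}

# Print one finding per line; return 0 only when nothing is marked FAIL.
audit_wal_archiving() {
    rc=0
    mode=$(pg_conf_get "$1" archive_mode)
    cmd=$(pg_conf_get "$1" archive_command)
    case $mode in
        on|always) echo "PASS archive_mode=$mode" ;;
        *) echo "FAIL archive_mode=${mode:-off}"; rc=1 ;;
    esac
    case $cmd in
        '') echo "FAIL archive_command is empty"; rc=1 ;;
        *rsync://*|*::*|rcp\ *) echo "FAIL cleartext transport: $cmd"; rc=1 ;;
        scp\ *|sftp\ *|rsync\ *@*:*) echo "PASS SSH-based transport: $cmd" ;;
        *) echo "REVIEW confirm destination and transport: $cmd" ;;
    esac
    return $rc
}

# Constructed sample configurations (hosts and paths are placeholders).
weak_conf=$(mktemp) && good_conf=$(mktemp)
trap 'rm -f "$weak_conf" "$good_conf"' EXIT
cat > "$weak_conf" <<'EOF'
#archive_mode = on            # commented out, so the default (off) applies
archive_command = 'rsync -a %p rsync://standby.example/wal/%f'
EOF
cat > "$good_conf" <<'EOF'
archive_mode = off
archive_mode = on             # later assignment wins
archive_command = 'rsync -a -e ssh %p postgres@standby.example:/wal/%f'
EOF

for f in "$weak_conf" "$good_conf"; do
    audit_wal_archiving "$f" || echo "-> not compliant"
done
```

A REVIEW result (for example a plain `cp`) means the script cannot tell whether the destination is local or a network mount, so the transport has to be confirmed by hand.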

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Unix.

Updated on July 16, 2022