Details

Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving system state information helps to facilitate system restart and return to the operational mode of the organization with less disruption of mission/business processes.

Aggregating log writes saves on performance but leaves a window for log data loss. The logging system inside VMware Postgres is capable of writing logs to disk fully and completely before the associated operation is returned to the client. This ensures that database activity is always captured, even in the event of a system crash during or immediately after a given operation.

Solution

At the command prompt, execute the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c ‘ALTER SYSTEM SET TO ‘on’;’

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c ‘SELECT pg_reload_conf();’

Note: Substitute with the incorrectly set parameter (fsync, full_page_writes, synchronous_commit)

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

• 800-53|SC-24
• CAT|II
• CCI|CCI-001665
• Rule-ID|SV-239208r717060_rule
• STIG-ID|VCPG-67-000016
• Vuln-ID|V-239208

Source

• Tenable.com/audits