CIS_PostgreSQL_14_v1.0.0_L1_OS_Linux.audit from CIS PostgreSQL 14 Benchmark v1.0.0
See Also: https://workbench.cisecurity.org/files/3558
This control applies to the following type of system: Unix.
Source: Tenable.com/audits
Ensure base backups are configured and functional. Details: A ‘base backup’ is a copy of the PRIMARY host’s data cluster ($PGDATA) and is used to create STANDBY...
Ensure Data Cluster Initialized Successfully. Details: First-time installs of PostgreSQL require the instantiation of the database cluster. A database cluster is a collection of databases...
Ensure FIPS 140-2 OpenSSL Cryptography Is Used – fips_enabled. Details: Install, configure, and use OpenSSL on a platform that has a NIST certified FIPS 140-2 installation of OpenSSL. This...
Ensure FIPS 140-2 OpenSSL Cryptography Is Used – openssl version. Details: Install, configure, and use OpenSSL on a platform that has a NIST certified FIPS 140-2 installation of OpenSSL. This...
Ensure login via ‘host’ TCP/IP Socket is configured correctly – host TCP/IP Socket is configured correctly. Details: A large number of authentication METHODs are available for hosts connecting using TCP/IP sockets, including: trust, reject, md5, scram-sha-256...
Ensure login via ‘local’ UNIX Domain Socket is configured correctly – local UNIX Domain Socket is configured correctly. Details: A remote host login, via SSH, is arguably the most secure means of remotely accessing and administering the PostgreSQL...
Ensure packages are obtained from authorized repositories. Details: Standard Linux distributions, although possessing the requisite packages, often do not have PostgreSQL pre-installed. The installation process includes installing...
Ensure sudo is configured correctly – /etc/sudoers. Details: It is common to have more than one authorized individual administering the PostgreSQL service at the Operating System level....
Ensure sudo is configured correctly – /etc/sudoers.d/postgres. Details: It is common to have more than one authorized individual administering the PostgreSQL service at the Operating System level....