Ensure excessive administrative privileges are revoked Details With respect to PostgreSQL administrative SQL commands, only superusers should have elevated privileges. PostgreSQL regular, or application, users should...
Ensure FIPS 140-2 OpenSSL Cryptography Is Used – fips_enabled Details Install, configure, and use OpenSSL on a platform that has a NIST certified FIPS 140-2 installation of OpenSSL. This...
Ensure FIPS 140-2 OpenSSL Cryptography Is Used – openssl version Details Install, configure, and use OpenSSL on a platform that has a NIST certified FIPS 140-2 installation of OpenSSL. This...
Ensure Installation of Binary Packages Details The PostgreSQL packages are installed on the Operating System from a valid source. Rationale: Standard Linux distributions, although possessing the...
Ensure Installation of Community Packages Details Adding, and installing, the PostgreSQL community packages to the host’s package repository. Rationale: It’s an unfortunate reality that Linux...
Ensure login via ‘host’ TCP/IP Socket is configured correctly Details A large number of authentication METHODs are available for hosts connecting using TCP/IP sockets, including: trust, reject, md5, password...
Ensure login via ‘local’ UNIX Domain Socket is configured correctly Details A remote host login, via ssh, is arguably the most secure means of remotely accessing and administering the PostgreSQL...
Ensure packages are obtained from authorized repositories Details When obtaining and installing software packages (typically via yum), it’s imperative that packages are sourced only from valid and...
Ensure Service Runlevel Is Registered And Set Correctly Details Confirm, and set if necessary, the PostgreSQL runlevel on SYSV operating systems. Rationale: Setting the runlevel on a SYSV...
Ensure sudo is configured correctly Details It is common to have more than one authorized individual administering the PostgreSQL service at the Operating System level....