VMware Postgres configuration files must not be accessible by unauthorized users.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256593 | SRG-APP-000090-DB-000065 | VCPG-70-000003 | SV-256593r887565_rule | 2023-06-15 | 1 |
Description
VMware Postgres has a few configuration files that directly control the security posture of the database management system (DBMS). Protecting these files from unauthorized access and modification is fundamental to ensuring the security of VMware Postgres.
Satisfies: SRG-APP-000090-DB-000065, SRG-APP-000121-DB-000202, SRG-APP-000122-DB-000203, SRG-APP-000123-DB-000204, SRG-APP-000380-DB-000360
ℹ️ Check
At the command prompt, run the following command:
# find /storage/db/vpostgres/*conf* -xdev -type f -a '(' -not -perm 600 -o -not -user vpostgres -o -not -group vpgmongrp ')' -exec ls -ld {} \;
If any files are returned, this is a finding.
✔️ Fix
At the command prompt, run the following commands:
# chmod 600 <file>
# chown vpostgres:vpgmongrp <file>
Note: Replace <file> with the file that has incorrect permissions.