V-261860
Crunchy Data Postgres 16 Security Technical Implementation Guide
Title
PostgreSQL must protect against a user falsely repudiating having performed organization-defined actions.
Description
Nonrepudiation of actions taken is required to maintain data integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message. Nonrepudiation protects against later claims by a user of not having created, modified, or deleted a particular data item or collection of data in the database. In designing a database, the organization must...
Fix Text (Documentation Requirement)
Note: The following instructions use the PGDATA and PGVER environment variables. Refer to APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.
Configure the database to supply additional auditing information to protect against a user falsely repudiating having performed organization-defined actions.
Using "pgaudit", PostgreSQL can be configured to audit these requests. Refer to supplementary content APPENDIX-B for documentation on installing pgaudit.
To ensure logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging.
Modify the configuration of audit logs to include details identifying the individual user:
As the database administrator (shown here as "postgres"), edit postgresql.conf:
$ sudo su - postgres
$ vi ${PGD...