Documentation - V-261869

Title

PostgreSQL must produce audit records containing sufficient information to establish the sources (origins) of the events.

Description

<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Without establishing the source of the event, it is impossible to establish, correlate, and investigate the events relating to an incident. To compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know where events occurred, such as application components, modules, session identifiers, filenames, host names, and functionality. In addition to ...

Fix Text (Documentation Requirement)

Note: The following instructions use the PGDATA and PGVER environment variables. Refer to APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER. To ensure logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging. If logging is enabled, the following configurations can be made to log the source of an event. As the database administrator, edit postgresql.conf: $ sudo su - postgres $ vi ${PGDATA?}/postgresql.conf ###### Log Line Prefix Extra parameters can be added to the setting log_line_prefix to log source of event: # %a = application name # %u = user name # %d = database name # %r = remote host and port # %p = process ID # %m = timestamp with milliseconds For example: log_line_prefix = '< %m %a %u %d %r %p %m >' ###### ...