PostgreSQL must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accordance with the Ports, Protocols, and Services Management (PPSM) guidance.
Overview
Finding ID | Version | Rule ID | IA Controls | Severity |
V-261926 | CD16-00-008000 | SV-261926r1000783_rule | Medium |
Description |
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats. |
STIG | Date |
Crunchy Data Postgres 16 Security Technical Implementation Guide | 2024-06-17 |
Details
Check Text (C-65780r1000781_chk) |
As the database administrator, run the following SQL: $ psql -c "SHOW port" If the currently defined port configuration is deemed prohibited, this is a finding. |
Fix Text (F-65688r1000782_fix) |
Note: The following instructions use the PGDATA and PGVER environment variables. Refer to APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER. To change the listening port of the database, as the database administrator, change the following setting in postgresql.conf: $ sudo su - postgres $ vi $PGDATA/postgresql.conf Change the port parameter to the desired port. Restart the database: $ sudo systemctl restart postgresql-${PGVER?} Note: psql uses the port 5432 by default. This can be changed by specifying the port with psql or by setting the PGPORT environment variable: $ psql -p 5432 -c "SHOW port" $ export PGPORT=5432 |