PostgreSQL must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-233548	SRG-APP-000383-DB-000364	CD12-00-004150	SV-233548r961470_rule	2024-08-27	3

Description
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.

ℹ️ Check
As the database administrator, run the following SQL: $ psql -c "SHOW port" If the currently defined port configuration is deemed prohibited, this is a finding.

✔️ Fix
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER. To change the listening port of the database, as the database administrator, change the following setting in postgresql.conf: $ sudo su - postgres $ vi $PGDATA/postgresql.conf Change the port parameter to the desired port. Next, restart the database: $ sudo systemctl restart postgresql-${PGVER?} Note: psql uses the port 5432 by default. This can be changed by specifying the port with psql or by setting the PGPORT environment variable: $ psql -p 5432 -c "SHOW port" $ export PGPORT=5432

✔️ Fix

Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER. To change the listening port of the database, as the database administrator, change the following setting in postgresql.conf: $ sudo su - postgres $ vi $PGDATA/postgresql.conf Change the port parameter to the desired port. Next, restart the database: $ sudo systemctl restart postgresql-${PGVER?} Note: psql uses the port 5432 by default. This can be changed by specifying the port with psql or by setting the PGPORT environment variable: $ psql -p 5432 -c "SHOW port" $ export PGPORT=5432