VMware Postgres must enforce authorized access to all public key infrastructure (PKI) private keys.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
---|---|---|---|---|---|---|
high | V-256602 | SRG-APP-000176-DB-000068 | VCPG-70-000012 | SV-256602r887592_rule | 2023-06-15 | 1 |
Description |
---|
The DOD standard for authentication is DOD-approved PKI certificates. PKI certificate-based authentication is performed by requiring the certificate holder to cryptographically prove possession of the corresponding private key. If a private key is stolen, an attacker can use it to impersonate the certificate holder. In cases where the database management system (DBMS)-stored private keys are used to authenticate the DBMS to the system's clients, loss of the corresponding private keys would allow an attacker to successfully perform undetected man-in-the-middle attacks against the DBMS system and its clients. All access to the private key(s) of the DBMS must be restricted to authorized and authenticated users. |
Check |
---|
At the command prompt, run the following command: `# stat -c "%a:%U:%G" /storage/db/vpostgres_ssl/server.key` Expected result: `600:vpostgres:vpgmongrp` If the output does not match the expected result, this is a finding. |
Fix |
---|
At the command prompt, run the following commands: `# chmod 600 /storage/db/vpostgres_ssl/server.key` `# chown vpostgres:vpgmongrp /storage/db/vpostgres_ssl/server.key` |
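The check and fix above can be wrapped into a small audit script so the finding condition is evaluated mechanically and the remediation is re-verified after it is applied. The script below is an added example and is not part of the STIG text or of VMware's tooling; it assumes GNU `stat` (the `-c` form the check itself uses) and that it is run as root when pointed at the real key path.

```shell
#!/bin/sh
# Added example (not from the STIG or VMware): audit and remediate the mode and
# ownership of the VMware Postgres TLS private key per VCPG-70-000012.
# Assumes GNU stat (-c). KEY_FILE may be overridden for testing.

KEY_FILE="${KEY_FILE:-/storage/db/vpostgres_ssl/server.key}"
EXPECTED_MODE=600
EXPECTED_USER=vpostgres
EXPECTED_GROUP=vpgmongrp

# Print "mode:user:group" for a file, exactly as the STIG check does.
key_perms() {
    stat -c "%a:%U:%G" "$1"
}

# Return 0 when mode, owner and group match the expected values, 1 otherwise
# (the STIG "finding" condition). Arguments: file mode user group.
check_key_perms() {
    actual="$(key_perms "$1")" || return 1
    expected="$2:$3:$4"
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "FINDING: $1 is $actual, expected $expected" >&2
    return 1
}

# Apply the STIG fix (restrict the mode, then set ownership) and re-run the
# check so the caller sees the final state rather than assuming success.
remediate_key_perms() {
    chmod "$2" "$1" && chown "$3:$4" "$1" && check_key_perms "$1" "$2" "$3" "$4"
}

# Stand-alone run: audit the real key if it exists on this host.
if [ -e "$KEY_FILE" ]; then
    check_key_perms "$KEY_FILE" "$EXPECTED_MODE" "$EXPECTED_USER" "$EXPECTED_GROUP"
fi
```

Running the script on a vCenter appliance with the default `KEY_FILE` reports a finding on stderr when the key is readable by anyone other than `vpostgres`; `remediate_key_perms "$KEY_FILE" 600 vpostgres vpgmongrp` applies the documented fix and exits non-zero if the key still does not match afterwards.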