Trustwave Database Security Knowledgebase version 6.05 includes new checks for PostgreSQL and updated checks for PostgreSQL and SAP ASE. It also introduces a new policy for DISA STIG for Crunchy Data PostgreSQL.
PostgreSQL
– Ensure pgaudit.log is configured appropriately (all, -misc)
Verify that the pgaudit.log parameter is set up appropriately according to your security policy.
Risk: Medium
– Ensure pgaudit.log is configured appropriately (ddl,role,read,write)
Verify that the pgaudit.log parameter is set up appropriately according to your security policy.
Risk: Medium
– Ensure pgaudit.log is configured appropriately (ddl,role,write)
Verify that the pgaudit.log parameter is set up appropriately according to your security policy.
Risk: Medium
– Ensure pgaudit.log is configured appropriately (ddl)
Verify that the pgaudit.log parameter is set up appropriately according to your security policy.
Risk: Medium
– Ensure pgaudit.log is configured appropriately (read, write)
Verify that the pgaudit.log parameter is set up appropriately according to your security policy.
Risk: Medium
– Ensure pgaudit.log is configured appropriately (role)
Verify that the pgaudit.log parameter is set up appropriately according to your security policy.
Risk: Medium
– Ensure pgaudit.log_catalog is configured appropriately
Verify that the pgaudit.log_catalog parameter is set up appropriately according to your security policy.
Risk: Medium
– Ensure pgaudit.log_level is configured appropriately
Verify that the pgaudit.log_level parameter is set up appropriately according to your security policy.
Risk: Medium
– Ensure pgaudit.log_parameter is configured appropriately
Verify that the pgaudit.log_parameter parameter is set up appropriately according to your security policy.
Risk: Medium
– Ensure pgaudit.log_statement_once is configured appropriately
Verify that the pgaudit.log_statement_once parameter is set up appropriately according to your security policy.
Risk: Medium
– Ensure the permissions on all PKI certificates are correct
Verify that all the PKI certificates used within the PostgreSQL installation have the correct permissions.
Risk: High
– Ensure the permissions on the postgresql.conf file are correct
Verify that the permissions on the PostgreSQL configuration file postgresql.conf are set to 600.
Risk: Medium
– Vulnerability in PostgreSQL core server - CVE-2021-20229
Check the version to determine whether the database contains the vulnerability described by CVE-2021-20229.
Risk: Low
– Vulnerability in PostgreSQL core server - CVE-2021-3393
Check the version to determine whether the database contains the vulnerability described by CVE-2021-3393.
Risk: Low
PostgreSQL
– Latest patch not applied
Risk: High
– Patch release not applied on time
Risk: High
SAP ASE
– Latest patch not applied
Risk: High
– Patch not applied on time
Risk: High