-
Notifications
You must be signed in to change notification settings - Fork 16
Postgres CIS Checks Quick Reference
klouddb.io edited this page Feb 28, 2023
·
6 revisions
| Control | Description | Validation steps | Comments |
|---|---|---|---|
| 1.2 | Ensure systemd Service Files Are Enabled | Check if postgres system service is enabled | Enabling the systemd service on the OS ensures the database service is active when a change of state occurs as in the case of a system startup or reboot. |
| 1.3 | Ensure Data Cluster Initialized Successfully | PostgreSQL enforces ownership and permissions of the data cluster | Incorrectly instantiating the data cluster will result in a failed installation. |
| 2.1 | Ensure the file permissions mask is correct | The postgres user account should use a umask of 077 to deny file access to all user accounts except the owner. | The Linux OS defaults the umask to 002, which means the owner and primary group can read and write the file, and other accounts are permitted to read the file. |