An error occurred:

Check: CD12-00-009900

Crunchy Data PostgreSQL STIG: CD12-00-009900 (in versions v2 r2 through v1 r1)

Title

The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. (Cat II impact)

Discussion

Organizations are required to use a central log management system, so under normal conditions, the audit space allocated to PostgreSQL on its own server will not be an issue. However, space will still be required on PostgreSQL server for audit records in transit, and, under abnormal conditions, this could fill up. Since a requirement exists to halt processing upon audit failure, a service outage would result. If support personnel are not notified immediately upon storage volume utilization reaching 75 percent, they are unable to plan for storage capacity expansion. The appropriate support staff include, at a minimum, the Information System Security Officer (ISSO) and the database administrator (DBA)/systems administrator (SA).

Check Content

Review system configuration. If no script/tool is monitoring the partition for the PostgreSQL log directories, this is a finding. If appropriate support staff are not notified immediately upon storage volume utilization reaching 75 percent, this is a finding.

Fix Text

Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER. Configure the system to notify appropriate support staff immediately upon storage volume utilization reaching 75 percent. PostgreSQL does not monitor storage, however, it is possible to monitor storage with a script. ##### Example Monitoring Script #!/bin/bash PGDATA=/var/lib/psql/${PGVER?}/data CURRENT=$(df ${PGDATA?} | grep / | awk '{ print $5}' | sed 's/%//g') THRESHOLD=75 if [ "$CURRENT" -gt "$THRESHOLD" ] ; then mail -s 'Disk Space Alert' mail@support.com << EOF The data directory volume is almost full. Used: $CURRENT %EOF fi Schedule this script in cron to run around the clock.

Additional Identifiers

Rule ID: SV-233599r879732_rule

Vulnerability ID: V-233599

Group Title: SRG-APP-000359-DB-000319

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001855

The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-5 (1)

Audit Storage Capacity