Check: PGS9-00-004300
PostgreSQL 9.x STIG:
PGS9-00-004300
(in versions v2 r4 through v1 r1)
Title
When updates are applied to PostgreSQL software, any software components that have been replaced or made unnecessary must be removed. (Cat II impact)
Discussion
Previous versions of PostgreSQL components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some PostgreSQL installation tools may remove older versions of software automatically from the information system. In other cases, manual review and removal will be required. In planning installations and upgrades, organizations must include steps (automated, manual, or both) to identify and remove the outdated modules. A transition period may be necessary when both the old and the new software are required. This should be taken into account in the planning.
Check Content
To check software installed by packages, as the system administrator, run the following command: # RHEL/CENT Systems $ sudo rpm -qa | grep postgres If multiple versions of postgres are installed but are unused, this is a finding.
Fix Text
Use package managers (RPM or apt-get) for installing PostgreSQL. Unused software is removed when updated.
Additional Identifiers
Rule ID: SV-214084r879825_rule
Vulnerability ID: V-214084
Group Title: SRG-APP-000454-DB-000389
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002617 |
The organization removes organization-defined software components (e.g., previous versions) after updated versions have been installed. |
Controls
Number | Title |
---|---|
SI-2 (6) |
Removal Of Previous Versions Of Software / Firmware |