Loading...
Security Resources

Software Updates

Database Security Knowledgebase Update 6.05

Trustwave Database Security Knowledgebase version 6.05 includes new checks for PostgreSQL and updated checks for PostgreSQL and SAP ASE. It also introduces a new policy for DISA STIG for Crunchy Data PostgreSQL.

New Vulnerability and Configuration Check Highlights

PostgreSQL

 

– Ensure pgaudit.log is configured appropriately (all, -misc)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log is configured appropriately (ddl,role,read,write)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log is configured appropriately (ddl,role,write)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log is configured appropriately (ddl)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log is configured appropriately (read, write)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log is configured appropriately (role)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log_catalog is configured appropriately

Verify that the pgaudit.log_catalog parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log_level is configured appropriately

Verify that the pgaudit.log_level parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log_parameter is configured appropriately

Verify that the pgaudit.log_parameter parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log_statement_once is configured appropriately

Verify that the pgaudit.log_statement_once parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure the permissions on all PKI certificates are correct

Verify that all the PKI certificates used within the PostgreSQL installation have the correct permissions.

Risk: High

 

– Ensure the permissions on the postgresql.conf file are correct

Verify that the permissions on the PostgreSQL configuration file postgresql.conf are set to 600.

Risk: Medium

 

– Vulnerability in PostgreSQL core server - CVE-2021-20229

Check version to determine if the database contains vulnerability described by CVE-2021-20229.

Risk: Low

 

– Vulnerability in PostgreSQL core server - CVE-2021-3393

Check version to determine if the database contains vulnerability described by CVE-2021-3393.

Risk: Low

 

Updated Checks

PostgreSQL

– Latest patch not applied

Risk: High

– Patch release not applied on time

Risk: High

SAP ASE

– Latest patch not applied

Risk: High

– Patch not applied on time

Risk: High

New Policies

  • DISA-STIG Crunchy Data PostgreSQL V1R1 (Built-In)

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
  • Download SHATTER Knowledgebase from the Trustwave Support Portal. (https: //www.trustwave.com/Company/Support/and select AppDetectivePRO or DbProtect)
  • AppDetectivePRO customers can use the Updater within the product as well