Software Updates

Database Security Knowledgebase Update 6.05

Written by | Mar 17, 2021 4:16:00 AM

Trustwave Database Security Knowledgebase version 6.05 includes new checks for PostgreSQL and updated checks for PostgreSQL and SAP ASE. It also introduces a new policy for DISA STIG for Crunchy Data PostgreSQL.

New Vulnerability and Configuration Check Highlights

PostgreSQL

 

– Ensure pgaudit.log is configured appropriately (all, -misc)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log is configured appropriately (ddl,role,read,write)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log is configured appropriately (ddl,role,write)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log is configured appropriately (ddl)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log is configured appropriately (read, write)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log is configured appropriately (role)

Verify that the pgaudit.log parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log_catalog is configured appropriately

Verify that the pgaudit.log_catalog parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log_level is configured appropriately

Verify that the pgaudit.log_level parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log_parameter is configured appropriately

Verify that the pgaudit.log_parameter parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure pgaudit.log_statement_once is configured appropriately

Verify that the pgaudit.log_statement_once parameter is setup appropriately accordingly to your security policy.

Risk: Medium

 

– Ensure the permissions on all PKI certificates are correct

Verify that all the PKI certificates used within the PostgreSQL installation have the correct permissions.

Risk: High

 

– Ensure the permissions on the postgresql.conf file are correct

Verify that the permissions on the PostgreSQL configuration file postgresql.conf are set to 600.

Risk: Medium

 

– Vulnerability in PostgreSQL core server - CVE-2021-20229

Check version to determine if the database contains vulnerability described by CVE-2021-20229.

Risk: Low

 

– Vulnerability in PostgreSQL core server - CVE-2021-3393

Check version to determine if the database contains vulnerability described by CVE-2021-3393.

Risk: Low

 

Updated Checks

PostgreSQL

– Latest patch not applied

Risk: High

– Patch release not applied on time

Risk: High

SAP ASE

– Latest patch not applied

Risk: High

– Patch not applied on time

Risk: High

New Policies

  • DISA-STIG Crunchy Data PostgreSQL V1R1 (Built-In)

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
  • AppDetectivePRO customers can use the Updater within the product as well

 
View full post