Here is a list of all controls implemented in this puppet module. The link takes you to the documentation of the implementation class.

1 Installation and Patches

1.1 Ensure packages are obtained from authorized repositories (Not Scored)
1.2 Ensure Installation of Binary Packages (Not Scored)
1.3 Ensure Installation of Community Packages (Not Scored)
1.4 Ensure systemd Service Files Are Enabled (Scored)
1.5 Ensure Data Cluster Initialized Successfully (Scored)

2 Directory and File Permissions

2.1 Ensure the file permissions mask is correct (Scored)
2.2 Ensure the PostgreSQL pg_wheel group membership is correct (Scored)

3 Logging Monitoring And Auditing (Centos 6)

3.1 PostgreSQL Logging
3.1.1 Logging Rationale
3.1.2 Ensure the log destinations are set correctly (Scored)
3.1.3 Ensure the logging collector is enabled (Scored)
3.1.4 Ensure the log file destination directory is set correctly (Scored)
3.1.5 Ensure the filename pattern for log files is set correctly (Scored)
3.1.6 Ensure the log file permissions are set correctly (Scored)
3.1.7 Ensure ‘log_truncate_on_rotation’ is enabled (Scored)
3.1.8 Ensure the maximum log file lifetime is set correctly (Scored)
3.1.9 Ensure the maximum log file size is set correctly (Scored)
3.1.10 Ensure the correct syslog facility is selected (Scored)
3.1.11 Ensure the program name for PostgreSQL syslog messages is correct (Scored)
3.1.12 Ensure the correct messages are written to the server log (Not Scored)
3.1.13 Ensure the correct SQL statements generating errors are recorded (Not Scored)
3.1.14 Ensure ‘debug_print_parse’ is disabled (Scored)
3.1.15 Ensure ‘debug_print_rewritten’ is disabled (Scored)
3.1.16 Ensure ‘debug_print_plan’ is disabled (Scored)
3.1.17 Ensure ‘debug_pretty_print’ is enabled (Scored)
3.1.18 Ensure ‘log_connections’ is enabled (Scored)
3.1.19 Ensure ‘log_disconnections’ is enabled (Scored)
3.1.20 Ensure ‘log_error_verbosity’ is set correctly (Not Scored)
3.1.21 Ensure ‘log_hostname’ is set correctly (Scored)
3.1.22 Ensure ‘log_line_prefix’ is set correctly (Not Scored)
3.1.23 Ensure ‘log_statement’ is set correctly (Scored)
3.1.24 Ensure ‘log_timezone’ is set correctly (Scored)
3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Scored)

4 User Access and Authorization

4.1 Ensure sudo is configured correctly (Scored)
4.2 Ensure excessive administrative privileges are revoked (Scored)
4.3 Ensure excessive function privileges are revoked (Scored)
4.4 Ensure excessive DML privileges are revoked (Scored)
4.5 Use pg_permission extension to audit object permissions (Not Scored)
4.6 Ensure Row Level Security (RLS) is configured correctly (Not Scored)
4.7 Ensure the set_user extension is installed (Not Scored)
4.8 Make use of default roles (Not Scored)

5 Connection and Login

5.1 Ensure login via “local” UNIX Domain Socket is configured correctly (Not Scored)
5.2 Ensure login via “host” TCP/IP Socket is configured correctly (Scored)

6 PostgreSQL Settings

6.1 Ensure ‘Attack Vectors’ Runtime Parameters are Configured (Not Scored)
6.2 Ensure ‘backend’ runtime parameters are configured correctly (Scored)
6.3 Ensure ‘Postmaster’ Runtime Parameters are Configured (Not Scored)
6.4 Ensure ‘SIGHUP’ Runtime Parameters are Configured (Not Scored)
6.5 Ensure ‘Superuser’ Runtime Parameters are Configured (Not Scored)
6.6 Ensure ‘User’ Runtime Parameters are Configured (Not Scored)
6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used (Scored)
6.8 Ensure SSL is enabled and configured correctly (Scored)
6.9 Ensure the pgcrypto extension is installed and configured correctly (Not Scored)

7 Replication

7.1 Ensure a replication-only user is created and used for streaming replication (Not Scored)
7.2 Ensure base backups are configured and functional (Not Scored)
7.3 Ensure WAL archiving is configured and functional (Scored)
7.4 Ensure streaming replication parameters are configured correctly (Not Scored)

8 Special Configuration Considerations

8.1 Ensure PostgreSQL configuration files are outside the data cluster (Not Scored)
8.2 Ensure PostgreSQL subdirectory locations are outside the data cluster (Not Scored)
8.3 Ensure the backup and restore tool, ‘pgBackRest’, is installed and configured (Not Scored)
8.4 Ensure miscellaneous configuration settings are correct (Not Scored)