Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
Enable log_connections on PostgreSQL Servers.
Risk Level: Low
Cloud Entity: Azure Database for PostgreSQL
CloudGuard Rule ID: D9.AZU.LOG.09
Covered by Spectral: Yes
Category: Database
GSL LOGIC
PostgreSQL should have logsConfiguration contain [ name='log_connections' and value regexMatch /[Oo][Nn]/ ]
REMEDIATION
From Portal
- Sign in to Azure Management Console
- Go to
Azure Database
forPostgreSQL server
- For each database, click on
Server parameters
- Search for
log_connections
- Click
ON
and save.
From TF
Set the 'name' and 'value' arguments under 'azurerm_postgresql_configuration' as below:
resource "azurerm_postgresql_configuration" "example" {
...
name = "log_connections"
value = "on"
...
}
From Command Line
Run
az postgres server configuration set --resource-group RESOURCEGROUPNAME --server-name SERVERNAME --name log_connections --value on
References
- https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_configuration#name
- https://docs.microsoft.com/en-us/cli/azure/postgres/server/configuration?view=azure-cli-latest#az-postgres-server-configuration-set
Azure Database for PostgreSQL
Azure Database for PostgreSQL is a relational database service based on the open-source Postgres database engine. It's a fully managed database as a service offering that can handle mission-critical workloads with predictable performance, security, high availability, and dynamic scalability. It's available in two deployment options, Single Server and Hyperscale (Citus) (preview). The Hyperscale (Citus) option horizontally scales queries across multiple machines using sharding, and serves applications that require greater scale and performance
Compliance Frameworks
- Azure CIS Foundations v. 1.1.0
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CloudGuard Best Practices
- Azure ITSG-33
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated about 1 year ago