azure-postgres-log-disconnections-disabled: Azure PostgreSQL Log Disconnections Not Enabled

Date: 2025-08-01 | Affected software: Azure PostgreSQL | PoC: Public

Vulnerability description

Ensure that the "log_disconnections" server parameter is enabled for all PostgreSQL database servers provisioned in your Microsoft Azure cloud account. The "log_disconnections" parameter enables logging of session termination. The log output provides information similar to that generated by the "log_connections" parameter, plus the duration of the session. Only Azure account admins can change this parameter at session start, and it cannot be changed at all during a session.

PoC code [public]

id: azure-postgres-log-disconnections-disabled
info:
  name: Azure PostgreSQL Log Disconnections Not Enabled
  author: princechaddha
  severity: medium
  description: |
    Ensure that the "log_disconnections" server parameter is enabled for all PostgreSQL database servers provisioned in your Microsoft Azure cloud account. The "log_disconnections" parameter enables the logging of session termination. The log output provides information similar to the one generated by the "log_connections" parameter, plus the duration of the session. Only Azure account admins can change this parameter at the session start, and it cannot be changed at all during a session.
  impact: |
    Failing to enable the "log_disconnections" parameter can hinder monitoring and auditing capabilities, potentially obscuring insights into database session activities and durations.
  remediation: |
    Enable the "log_disconnections" parameter for your Azure PostgreSQL servers to enhance security and auditing capabilities. This change must be made by an Azure account admin at the session start.
  reference:
    - https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs
  tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config

flow: |
  code(1);
  for (let ServerData of iterate(template.serverList)) {
    ServerData = JSON.parse(ServerData);
    set("name", ServerData.name);
    set("resourceGroup", ServerData.resourceGroup);
    code(2);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az postgres server list --output json --query '[*].{"name":name, "resourceGroup":resourceGroup}'

    extractors:
      - type: json
        name: serverList
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az postgres server configuration show --server-name "$name" --resource-group "$resourceGroup" --name log_disconnections --query 'value'

    matchers:
      - type: word
        words:
          - 'off'

    extractors:
      - type: dsl
        dsl:
          - 'name + " in " + resourceGroup + " has log_disconnections disabled"'
# digest: 490a0046304402204f77dcd59190e68e75cb63ceb2678cc3a7e026d666683044bc97bdd01f709bf702203aee9e4338e022d7907642740944c2620a6efb2ed7fea614fb7593ddbd833b20:922c64590222798bb761d5b6d8e72950
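
The same check as a standalone script, with the remediation step the template describes. This is an added example, not part of the template or the project's own code. It assumes an authenticated Azure CLI session; the function names and the "audit"/"fix" arguments are hypothetical. Unlike the template's word matcher, it also reports servers whose value could not be read.

```shell
#!/bin/sh
# Added example (not part of the template): audit log_disconnections with the
# same az commands, optionally remediating. Assumes a logged-in Azure CLI.
PARAM=log_disconnections

list_servers() {   # prints "name<TAB>resourceGroup", one server per line
  az postgres server list --query '[].[name, resourceGroup]' --output tsv
}

param_value() {    # $1 = server name, $2 = resource group
  az postgres server configuration show --server-name "$1" \
    --resource-group "$2" --name "$PARAM" --query value --output tsv </dev/null
}

enable_param() {   # $1 = server name, $2 = resource group
  az postgres server configuration set --server-name "$1" \
    --resource-group "$2" --name "$PARAM" --value on --output none </dev/null
}

# audit_servers [fix]: fix=1 also enables the parameter where it is off.
# Returns 0 if every server reports "on", 1 on any finding, 2 if listing failed.
audit_servers() {
  fix=${1:-0}; bad=0; tab=$(printf '\t')
  servers=$(list_servers) || return 2
  while IFS="$tab" read -r name rg; do
    [ -n "$name" ] || continue
    value=$(param_value "$name" "$rg" | tr -d '\r' | tr '[:upper:]' '[:lower:]')
    case "$value" in
      on) ;;
      off)
        bad=1
        echo "$name in $rg has $PARAM disabled"
        if [ "$fix" = 1 ] && enable_param "$name" "$rg"; then
          echo "$name in $rg: $PARAM set to on"
        fi ;;
      *)  # empty or unexpected output: report it, never assume compliance
        bad=1
        echo "$name in $rg: could not read $PARAM (got '$value')" ;;
    esac
  done <<EOF
$servers
EOF
  return "$bad"
}

# Entry point: "sh audit.sh audit" reports only, "sh audit.sh fix" remediates.
case "${1:-}" in
  audit) audit_servers 0 ;;
  fix)   audit_servers 1 ;;
esac
```

The non-zero exit status on any finding lets the script gate a pipeline or scheduled compliance job.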
