PostgreSQL Misconfigured Logging Duration Flag
- Query id: aed98a2a-e680-497a-8886-277cea0f4514
- Query name: PostgreSQL Misconfigured Logging Duration Flag
- Platform: Ansible
- Severity: High
- Category: Insecure Configurations
- URL: Github
Description¶
PostgreSQL database 'log_min_duration_statement' flag isn't set to '-1'
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - yaml file
- name: sql_instance
google.cloud.gcp_sql_instance:
auth_kind: serviceaccount
database_version: SQLSERVER_13_1
name: "{{ resource_name }}-2"
project: test_project
region: us-central1
service_account_file: /tmp/auth.pem
settings:
database_flags:
- name: log_min_duration_statement
value: 0
tier: db-n1-standard-1
state: present
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: sql_instance
google.cloud.gcp_sql_instance:
auth_kind: serviceaccount
database_version: SQLSERVER_13_1
name: '{{ resource_name }}-2'
project: test_project
region: us-central1
service_account_file: /tmp/auth.pem
settings:
database_flags:
- name: log_min_duration_statement
value: -1
tier: db-n1-standard-1
state: present