PostgreSQL Log Connections Disabled
- Query id: d7a5616f-0a3f-4d43-bc2b-29d1a183e317
- Query name: PostgreSQL Log Connections Disabled
- Platform: Ansible
- Severity: High
- Category: Observability
- URL: Github
Description¶
PostgreSQL database instance should have a 'log_connections' flag with its value set to 'on'
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
- name: create instance
google.cloud.gcp_sql_instance:
name: GCP instance
settings:
databaseFlags:
- name: log_connections
value: off
tier: db-n1-standard-1
region: us-central1
project: test_project
database_version: POSTGRES_9_6
auth_kind: serviceaccount
service_account_file: "/tmp/auth.pem"
state: present
- name: create another instance
google.cloud.gcp_sql_instance:
name: GCP instance 2
settings:
tier: db-n1-standard-1
region: us-central1
project: test_project
database_version: POSTGRES_9_6
auth_kind: serviceaccount
service_account_file: "/tmp/auth.pem"
state: present
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: create a instance
google.cloud.gcp_sql_instance:
name: GCP instance
settings:
databaseFlags:
- name: log_connections
value: on
tier: db-n1-standard-1
region: us-central1
project: test_project
database_version: POSTGRES_9_6
auth_kind: serviceaccount
service_account_file: /tmp/auth.pem
state: present