RDS Instance Events Not Logged
- Query id: b9c524a4-fe76-4021-a6a2-cb978fb4fde1
- Query name: RDS Instance Events Not Logged
- Platform: Terraform
- Severity: High
- Category: Observability
- URL: Github
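Description
All RDS instance event trackers should be set to 'true'. In the samples below, the flagged configurations either set "rds_enabled" to "false" or leave it out of variable_map, while the passing one sets it to "true".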
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# Positive (flagged) sample for the "RDS Instance Events Not Logged" query.
# The finding is the "rds_enabled" = "false" entry in variable_map below; the
# other rds_*_enabled entries in this sample are "true".
# NOTE(review): aliuid looks like a placeholder account id, not a real one.
resource "alicloud_log_audit" "example" {
display_name = "tf-audit-test"
aliuid = "12345678"
variable_map = {
"actiontrail_enabled" = "true",
"actiontrail_ttl" = "180",
"actiontrail_ti_enabled" = "true",
"oss_access_enabled" = "true",
"oss_access_ttl" = "7",
"oss_sync_enabled" = "true",
"oss_sync_ttl" = "180",
"oss_access_ti_enabled" = "true",
"oss_metering_enabled" = "true",
"oss_metering_ttl" = "180",
# Flagged: the RDS tracker is switched off, while the page's description
# requires it to be "true". With this off, the audit trail presumably has no
# RDS instance events to review during an investigation.
"rds_enabled" = "false",
"rds_audit_collection_policy" = "",
"rds_ttl" = "180",
"rds_ti_enabled" = "true",
"rds_slow_enabled" = "true",
"rds_slow_collection_policy" = "",
"rds_slow_ttl" = "180",
"rds_perf_enabled" = "true",
"rds_perf_collection_policy" = "",
"rds_perf_ttl" = "180",
"vpc_flow_enabled" = "true",
"vpc_flow_ttl" = "7",
"vpc_flow_collection_policy" = "",
"vpc_sync_enabled" = "true",
"vpc_sync_ttl" = "180",
"polardb_enabled" = "true",
"polardb_audit_collection_policy" = "",
"polardb_ttl" = "180",
"polardb_ti_enabled" = "true",
"polardb_slow_enabled" = "true",
"polardb_slow_collection_policy" = "",
"polardb_slow_ttl" = "180",
"polardb_perf_enabled" = "true",
"polardb_perf_collection_policy" = "",
"polardb_perf_ttl" = "180",
"drds_audit_enabled" = "true",
"drds_audit_collection_policy" = "",
"drds_audit_ttl" = "7",
"drds_sync_enabled" = "true",
"drds_sync_ttl" = "180",
"drds_audit_ti_enabled" = "true",
"slb_access_enabled" = "true",
"slb_access_collection_policy" = "",
"slb_access_ttl" = "7",
"slb_sync_enabled" = "true",
"slb_sync_ttl" = "180",
"slb_access_ti_enabled" = "true",
"bastion_enabled" = "true",
"bastion_ttl" = "180",
"bastion_ti_enabled" = "true",
"waf_enabled" = "true",
"waf_ttl" = "180",
"waf_ti_enabled" = "true",
"cloudfirewall_enabled" = "true",
"cloudfirewall_ttl" = "180",
"cloudfirewall_ti_enabled" = "true",
"ddos_coo_access_enabled" = "true",
"ddos_coo_access_ttl" = "180",
"ddos_coo_access_ti_enabled" = "true",
"ddos_bgp_access_enabled" = "true",
"ddos_bgp_access_ttl" = "180",
"ddos_dip_access_enabled" = "true",
"ddos_dip_access_ttl" = "180",
"ddos_dip_access_ti_enabled" = "true",
"sas_crack_enabled" = "true",
"sas_dns_enabled" = "true",
"sas_http_enabled" = "true",
"sas_local_dns_enabled" = "true",
"sas_login_enabled" = "true",
"sas_network_enabled" = "true",
"sas_process_enabled" = "true",
"sas_security_alert_enabled" = "true",
"sas_security_hc_enabled" = "true",
"sas_security_vul_enabled" = "true",
"sas_session_enabled" = "true",
"sas_snapshot_account_enabled" = "true",
"sas_snapshot_port_enabled" = "true",
"sas_snapshot_process_enabled" = "true",
"sas_ttl" = "180",
"sas_ti_enabled" = "true",
"apigateway_enabled" = "true",
"apigateway_ttl" = "180",
"apigateway_ti_enabled" = "true",
"nas_enabled" = "true",
"nas_ttl" = "180",
"nas_ti_enabled" = "true",
"appconnect_enabled" = "true",
"appconnect_ttl" = "180",
"cps_enabled" = "true",
"cps_ttl" = "180",
"cps_ti_enabled" = "true",
"k8s_audit_enabled" = "true",
"k8s_audit_collection_policy" = "",
"k8s_audit_ttl" = "180",
"k8s_event_enabled" = "true",
"k8s_event_collection_policy" = "",
"k8s_event_ttl" = "180",
"k8s_ingress_enabled" = "true",
"k8s_ingress_collection_policy" = "",
"k8s_ingress_ttl" = "180"
# NOTE(review): this entry uses ':' and follows a line with no trailing comma;
# HCL object constructors accept both forms. It is not an rds_* key, so it is
# presumably unrelated to this query's finding; confirm against the query.
"appconnect_ti_enabled":"false"
}
}
Positive test num. 2 - tf file
# Positive (flagged) sample for the "RDS Instance Events Not Logged" query.
# variable_map contains no "rds_enabled" key at all; the remaining rds_* keys
# are still present.
# NOTE(review): aliuid looks like a placeholder account id, not a real one.
resource "alicloud_log_audit" "example" {
display_name = "tf-audit-test"
aliuid = "12345678"
variable_map = {
"actiontrail_enabled" = "true",
"actiontrail_ttl" = "180",
"actiontrail_ti_enabled" = "true",
"oss_access_enabled" = "true",
"oss_access_ttl" = "7",
"oss_sync_enabled" = "true",
"oss_sync_ttl" = "180",
"oss_access_ti_enabled" = "true",
"oss_metering_enabled" = "true",
"oss_metering_ttl" = "180",
# Flagged: "rds_enabled" is missing from this map. Presumably the query treats
# an omitted tracker the same as a disabled one, so reviewers should require
# the key to be set explicitly rather than rely on a provider default.
"rds_audit_collection_policy" = "",
"rds_ttl" = "180",
"rds_ti_enabled" = "true",
"rds_slow_enabled" = "true",
"rds_slow_collection_policy" = "",
"rds_slow_ttl" = "180",
"rds_perf_enabled" = "true",
"rds_perf_collection_policy" = "",
"rds_perf_ttl" = "180",
"vpc_flow_enabled" = "true",
"vpc_flow_ttl" = "7",
"vpc_flow_collection_policy" = "",
"vpc_sync_enabled" = "true",
"vpc_sync_ttl" = "180",
"polardb_enabled" = "true",
"polardb_audit_collection_policy" = "",
"polardb_ttl" = "180",
"polardb_ti_enabled" = "true",
"polardb_slow_enabled" = "true",
"polardb_slow_collection_policy" = "",
"polardb_slow_ttl" = "180",
"polardb_perf_enabled" = "true",
"polardb_perf_collection_policy" = "",
"polardb_perf_ttl" = "180",
"drds_audit_enabled" = "true",
"drds_audit_collection_policy" = "",
"drds_audit_ttl" = "7",
"drds_sync_enabled" = "true",
"drds_sync_ttl" = "180",
"drds_audit_ti_enabled" = "true",
"slb_access_enabled" = "true",
"slb_access_collection_policy" = "",
"slb_access_ttl" = "7",
"slb_sync_enabled" = "true",
"slb_sync_ttl" = "180",
"slb_access_ti_enabled" = "true",
"bastion_enabled" = "true",
"bastion_ttl" = "180",
"bastion_ti_enabled" = "true",
"waf_enabled" = "true",
"waf_ttl" = "180",
"waf_ti_enabled" = "true",
"cloudfirewall_enabled" = "true",
"cloudfirewall_ttl" = "180",
"cloudfirewall_ti_enabled" = "true",
"ddos_coo_access_enabled" = "true",
"ddos_coo_access_ttl" = "180",
"ddos_coo_access_ti_enabled" = "true",
"ddos_bgp_access_enabled" = "true",
"ddos_bgp_access_ttl" = "180",
"ddos_dip_access_enabled" = "true",
"ddos_dip_access_ttl" = "180",
"ddos_dip_access_ti_enabled" = "true",
"sas_crack_enabled" = "true",
"sas_dns_enabled" = "true",
"sas_http_enabled" = "true",
"sas_local_dns_enabled" = "true",
"sas_login_enabled" = "true",
"sas_network_enabled" = "true",
"sas_process_enabled" = "true",
"sas_security_alert_enabled" = "true",
"sas_security_hc_enabled" = "true",
"sas_security_vul_enabled" = "true",
"sas_session_enabled" = "true",
"sas_snapshot_account_enabled" = "true",
"sas_snapshot_port_enabled" = "true",
"sas_snapshot_process_enabled" = "true",
"sas_ttl" = "180",
"sas_ti_enabled" = "true",
"apigateway_enabled" = "true",
"apigateway_ttl" = "180",
"apigateway_ti_enabled" = "true",
"nas_enabled" = "true",
"nas_ttl" = "180",
"nas_ti_enabled" = "true",
"appconnect_enabled" = "true",
"appconnect_ttl" = "180",
"cps_enabled" = "true",
"cps_ttl" = "180",
"cps_ti_enabled" = "true",
"k8s_audit_enabled" = "true",
"k8s_audit_collection_policy" = "",
"k8s_audit_ttl" = "180",
"k8s_event_enabled" = "true",
"k8s_event_collection_policy" = "",
"k8s_event_ttl" = "180",
"k8s_ingress_enabled" = "true",
"k8s_ingress_collection_policy" = "",
"k8s_ingress_ttl" = "180"
}
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# Negative (passing) sample for the "RDS Instance Events Not Logged" query.
# "rds_enabled" is present in variable_map and set to "true", as are the
# other rds_*_enabled entries.
# NOTE(review): aliuid looks like a placeholder account id, not a real one.
resource "alicloud_log_audit" "example" {
display_name = "tf-audit-test"
aliuid = "12345678"
variable_map = {
"actiontrail_enabled" = "true",
"actiontrail_ttl" = "180",
"actiontrail_ti_enabled" = "true",
"oss_access_enabled" = "true",
"oss_access_ttl" = "7",
"oss_sync_enabled" = "true",
"oss_sync_ttl" = "180",
"oss_access_ti_enabled" = "true",
"oss_metering_enabled" = "true",
"oss_metering_ttl" = "180",
# Compliant: the RDS tracker is explicitly enabled, matching the page's
# requirement that RDS instance event trackers be "true".
"rds_enabled" = "true",
"rds_audit_collection_policy" = "",
"rds_ttl" = "180",
"rds_ti_enabled" = "true",
"rds_slow_enabled" = "true",
"rds_slow_collection_policy" = "",
"rds_slow_ttl" = "180",
"rds_perf_enabled" = "true",
"rds_perf_collection_policy" = "",
"rds_perf_ttl" = "180",
"vpc_flow_enabled" = "true",
"vpc_flow_ttl" = "7",
"vpc_flow_collection_policy" = "",
"vpc_sync_enabled" = "true",
"vpc_sync_ttl" = "180",
"polardb_enabled" = "true",
"polardb_audit_collection_policy" = "",
"polardb_ttl" = "180",
"polardb_ti_enabled" = "true",
"polardb_slow_enabled" = "true",
"polardb_slow_collection_policy" = "",
"polardb_slow_ttl" = "180",
"polardb_perf_enabled" = "true",
"polardb_perf_collection_policy" = "",
"polardb_perf_ttl" = "180",
"drds_audit_enabled" = "true",
"drds_audit_collection_policy" = "",
"drds_audit_ttl" = "7",
"drds_sync_enabled" = "true",
"drds_sync_ttl" = "180",
"drds_audit_ti_enabled" = "true",
"slb_access_enabled" = "true",
"slb_access_collection_policy" = "",
"slb_access_ttl" = "7",
"slb_sync_enabled" = "true",
"slb_sync_ttl" = "180",
"slb_access_ti_enabled" = "true",
"bastion_enabled" = "true",
"bastion_ttl" = "180",
"bastion_ti_enabled" = "true",
"waf_enabled" = "true",
"waf_ttl" = "180",
"waf_ti_enabled" = "true",
"cloudfirewall_enabled" = "true",
"cloudfirewall_ttl" = "180",
"cloudfirewall_ti_enabled" = "true",
"ddos_coo_access_enabled" = "true",
"ddos_coo_access_ttl" = "180",
"ddos_coo_access_ti_enabled" = "true",
"ddos_bgp_access_enabled" = "true",
"ddos_bgp_access_ttl" = "180",
"ddos_dip_access_enabled" = "true",
"ddos_dip_access_ttl" = "180",
"ddos_dip_access_ti_enabled" = "true",
"sas_crack_enabled" = "true",
"sas_dns_enabled" = "true",
"sas_http_enabled" = "true",
"sas_local_dns_enabled" = "true",
"sas_login_enabled" = "true",
"sas_network_enabled" = "true",
"sas_process_enabled" = "true",
"sas_security_alert_enabled" = "true",
"sas_security_hc_enabled" = "true",
"sas_security_vul_enabled" = "true",
"sas_session_enabled" = "true",
"sas_snapshot_account_enabled" = "true",
"sas_snapshot_port_enabled" = "true",
"sas_snapshot_process_enabled" = "true",
"sas_ttl" = "180",
"sas_ti_enabled" = "true",
"apigateway_enabled" = "true",
"apigateway_ttl" = "180",
"apigateway_ti_enabled" = "true",
"nas_enabled" = "true",
"nas_ttl" = "180",
"nas_ti_enabled" = "true",
"appconnect_enabled" = "true",
"appconnect_ttl" = "180",
"cps_enabled" = "true",
"cps_ttl" = "180",
"cps_ti_enabled" = "true",
"k8s_audit_enabled" = "true",
"k8s_audit_collection_policy" = "",
"k8s_audit_ttl" = "180",
"k8s_event_enabled" = "true",
"k8s_event_collection_policy" = "",
"k8s_event_ttl" = "180",
"k8s_ingress_enabled" = "true",
"k8s_ingress_collection_policy" = "",
"k8s_ingress_ttl" = "180",
# NOTE(review): written with ':' instead of '='; HCL object constructors accept
# either separator.
"appconnect_ti_enabled":"true"
}
}