RDS Instance Events Not Logged

  • Query id: b9c524a4-fe76-4021-a6a2-cb978fb4fde1
  • Query name: RDS Instance Events Not Logged
  • Platform: Terraform
  • Severity: High
  • Category: Observability
  • URL: Github

Description

All RDS Instance events trackers should be 'true'
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "alicloud_log_audit" "example" {
  display_name = "tf-audit-test"
  aliuid       = "12345678"
  variable_map = {
    "actiontrail_enabled" = "true",
    "actiontrail_ttl" = "180",
    "actiontrail_ti_enabled" = "true",
    "oss_access_enabled" = "true",
    "oss_access_ttl" = "7",
    "oss_sync_enabled" = "true",
    "oss_sync_ttl" = "180",
    "oss_access_ti_enabled" = "true",
    "oss_metering_enabled" = "true",
    "oss_metering_ttl" = "180",
    "rds_enabled" = "false",
    "rds_audit_collection_policy" = "",
    "rds_ttl" = "180",
    "rds_ti_enabled" = "true",
    "rds_slow_enabled" = "true",
    "rds_slow_collection_policy" = "",
    "rds_slow_ttl" = "180",
    "rds_perf_enabled" = "true",
    "rds_perf_collection_policy" = "",
    "rds_perf_ttl" = "180",
    "vpc_flow_enabled" = "true",
    "vpc_flow_ttl" = "7",
    "vpc_flow_collection_policy" = "",
    "vpc_sync_enabled" = "true",
    "vpc_sync_ttl" = "180",
    "polardb_enabled" = "true",
    "polardb_audit_collection_policy" = "",
    "polardb_ttl" = "180",
    "polardb_ti_enabled" = "true",
    "polardb_slow_enabled" = "true",
    "polardb_slow_collection_policy" = "",
    "polardb_slow_ttl" = "180",
    "polardb_perf_enabled" = "true",
    "polardb_perf_collection_policy" = "",
    "polardb_perf_ttl" = "180",
    "drds_audit_enabled" = "true",
    "drds_audit_collection_policy" = "",
    "drds_audit_ttl" = "7",
    "drds_sync_enabled" = "true",
    "drds_sync_ttl" = "180",
    "drds_audit_ti_enabled" = "true",
    "slb_access_enabled" = "true",
    "slb_access_collection_policy" = "",
    "slb_access_ttl" = "7",
    "slb_sync_enabled" = "true",
    "slb_sync_ttl" = "180",
    "slb_access_ti_enabled" = "true",
    "bastion_enabled" = "true",
    "bastion_ttl" = "180",
    "bastion_ti_enabled" = "true",
    "waf_enabled" = "true",
    "waf_ttl" = "180",
    "waf_ti_enabled" = "true",
    "cloudfirewall_enabled" = "true",
    "cloudfirewall_ttl" = "180",
    "cloudfirewall_ti_enabled" = "true",
    "ddos_coo_access_enabled" = "true",
    "ddos_coo_access_ttl" = "180",
    "ddos_coo_access_ti_enabled" = "true",
    "ddos_bgp_access_enabled" = "true",
    "ddos_bgp_access_ttl" = "180",
    "ddos_dip_access_enabled" = "true",
    "ddos_dip_access_ttl" = "180",
    "ddos_dip_access_ti_enabled" = "true",
    "sas_crack_enabled" = "true",
    "sas_dns_enabled" = "true",
    "sas_http_enabled" = "true",
    "sas_local_dns_enabled" = "true",
    "sas_login_enabled" = "true",
    "sas_network_enabled" = "true",
    "sas_process_enabled" = "true",
    "sas_security_alert_enabled" = "true",
    "sas_security_hc_enabled" = "true",
    "sas_security_vul_enabled" = "true",
    "sas_session_enabled" = "true",
    "sas_snapshot_account_enabled" = "true",
    "sas_snapshot_port_enabled" = "true",
    "sas_snapshot_process_enabled" = "true",
    "sas_ttl" = "180",
    "sas_ti_enabled" = "true",
    "apigateway_enabled" = "true",
    "apigateway_ttl" = "180",
    "apigateway_ti_enabled" = "true",
    "nas_enabled" = "true",
    "nas_ttl" = "180",
    "nas_ti_enabled" = "true",
    "appconnect_enabled" = "true",
    "appconnect_ttl" = "180",
    "cps_enabled" = "true",
    "cps_ttl" = "180",
    "cps_ti_enabled" = "true",
    "k8s_audit_enabled" = "true",
    "k8s_audit_collection_policy" = "",
    "k8s_audit_ttl" = "180",
    "k8s_event_enabled" = "true",
    "k8s_event_collection_policy" = "",
    "k8s_event_ttl" = "180",
    "k8s_ingress_enabled" = "true",
    "k8s_ingress_collection_policy" = "",
    "k8s_ingress_ttl" = "180"
    "appconnect_ti_enabled":"false"
  }
}
Positive test num. 2 - tf file
resource "alicloud_log_audit" "example" {
  display_name = "tf-audit-test"
  aliuid       = "12345678"
  variable_map = {
    "actiontrail_enabled" = "true",
    "actiontrail_ttl" = "180",
    "actiontrail_ti_enabled" = "true",
    "oss_access_enabled" = "true",
    "oss_access_ttl" = "7",
    "oss_sync_enabled" = "true",
    "oss_sync_ttl" = "180",
    "oss_access_ti_enabled" = "true",
    "oss_metering_enabled" = "true",
    "oss_metering_ttl" = "180",
    "rds_audit_collection_policy" = "",
    "rds_ttl" = "180",
    "rds_ti_enabled" = "true",
    "rds_slow_enabled" = "true",
    "rds_slow_collection_policy" = "",
    "rds_slow_ttl" = "180",
    "rds_perf_enabled" = "true",
    "rds_perf_collection_policy" = "",
    "rds_perf_ttl" = "180",
    "vpc_flow_enabled" = "true",
    "vpc_flow_ttl" = "7",
    "vpc_flow_collection_policy" = "",
    "vpc_sync_enabled" = "true",
    "vpc_sync_ttl" = "180",
    "polardb_enabled" = "true",
    "polardb_audit_collection_policy" = "",
    "polardb_ttl" = "180",
    "polardb_ti_enabled" = "true",
    "polardb_slow_enabled" = "true",
    "polardb_slow_collection_policy" = "",
    "polardb_slow_ttl" = "180",
    "polardb_perf_enabled" = "true",
    "polardb_perf_collection_policy" = "",
    "polardb_perf_ttl" = "180",
    "drds_audit_enabled" = "true",
    "drds_audit_collection_policy" = "",
    "drds_audit_ttl" = "7",
    "drds_sync_enabled" = "true",
    "drds_sync_ttl" = "180",
    "drds_audit_ti_enabled" = "true",
    "slb_access_enabled" = "true",
    "slb_access_collection_policy" = "",
    "slb_access_ttl" = "7",
    "slb_sync_enabled" = "true",
    "slb_sync_ttl" = "180",
    "slb_access_ti_enabled" = "true",
    "bastion_enabled" = "true",
    "bastion_ttl" = "180",
    "bastion_ti_enabled" = "true",
    "waf_enabled" = "true",
    "waf_ttl" = "180",
    "waf_ti_enabled" = "true",
    "cloudfirewall_enabled" = "true",
    "cloudfirewall_ttl" = "180",
    "cloudfirewall_ti_enabled" = "true",
    "ddos_coo_access_enabled" = "true",
    "ddos_coo_access_ttl" = "180",
    "ddos_coo_access_ti_enabled" = "true",
    "ddos_bgp_access_enabled" = "true",
    "ddos_bgp_access_ttl" = "180",
    "ddos_dip_access_enabled" = "true",
    "ddos_dip_access_ttl" = "180",
    "ddos_dip_access_ti_enabled" = "true",
    "sas_crack_enabled" = "true",
    "sas_dns_enabled" = "true",
    "sas_http_enabled" = "true",
    "sas_local_dns_enabled" = "true",
    "sas_login_enabled" = "true",
    "sas_network_enabled" = "true",
    "sas_process_enabled" = "true",
    "sas_security_alert_enabled" = "true",
    "sas_security_hc_enabled" = "true",
    "sas_security_vul_enabled" = "true",
    "sas_session_enabled" = "true",
    "sas_snapshot_account_enabled" = "true",
    "sas_snapshot_port_enabled" = "true",
    "sas_snapshot_process_enabled" = "true",
    "sas_ttl" = "180",
    "sas_ti_enabled" = "true",
    "apigateway_enabled" = "true",
    "apigateway_ttl" = "180",
    "apigateway_ti_enabled" = "true",
    "nas_enabled" = "true",
    "nas_ttl" = "180",
    "nas_ti_enabled" = "true",
    "appconnect_enabled" = "true",
    "appconnect_ttl" = "180",
    "cps_enabled" = "true",
    "cps_ttl" = "180",
    "cps_ti_enabled" = "true",
    "k8s_audit_enabled" = "true",
    "k8s_audit_collection_policy" = "",
    "k8s_audit_ttl" = "180",
    "k8s_event_enabled" = "true",
    "k8s_event_collection_policy" = "",
    "k8s_event_ttl" = "180",
    "k8s_ingress_enabled" = "true",
    "k8s_ingress_collection_policy" = "",
    "k8s_ingress_ttl" = "180"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "alicloud_log_audit" "example" {
  display_name = "tf-audit-test"
  aliuid       = "12345678"
  variable_map = {
    "actiontrail_enabled" = "true",
    "actiontrail_ttl" = "180",
    "actiontrail_ti_enabled" = "true",
    "oss_access_enabled" = "true",
    "oss_access_ttl" = "7",
    "oss_sync_enabled" = "true",
    "oss_sync_ttl" = "180",
    "oss_access_ti_enabled" = "true",
    "oss_metering_enabled" = "true",
    "oss_metering_ttl" = "180",
    "rds_enabled" = "true",
    "rds_audit_collection_policy" = "",
    "rds_ttl" = "180",
    "rds_ti_enabled" = "true",
    "rds_slow_enabled" = "true",
    "rds_slow_collection_policy" = "",
    "rds_slow_ttl" = "180",
    "rds_perf_enabled" = "true",
    "rds_perf_collection_policy" = "",
    "rds_perf_ttl" = "180",
    "vpc_flow_enabled" = "true",
    "vpc_flow_ttl" = "7",
    "vpc_flow_collection_policy" = "",
    "vpc_sync_enabled" = "true",
    "vpc_sync_ttl" = "180",
    "polardb_enabled" = "true",
    "polardb_audit_collection_policy" = "",
    "polardb_ttl" = "180",
    "polardb_ti_enabled" = "true",
    "polardb_slow_enabled" = "true",
    "polardb_slow_collection_policy" = "",
    "polardb_slow_ttl" = "180",
    "polardb_perf_enabled" = "true",
    "polardb_perf_collection_policy" = "",
    "polardb_perf_ttl" = "180",
    "drds_audit_enabled" = "true",
    "drds_audit_collection_policy" = "",
    "drds_audit_ttl" = "7",
    "drds_sync_enabled" = "true",
    "drds_sync_ttl" = "180",
    "drds_audit_ti_enabled" = "true",
    "slb_access_enabled" = "true",
    "slb_access_collection_policy" = "",
    "slb_access_ttl" = "7",
    "slb_sync_enabled" = "true",
    "slb_sync_ttl" = "180",
    "slb_access_ti_enabled" = "true",
    "bastion_enabled" = "true",
    "bastion_ttl" = "180",
    "bastion_ti_enabled" = "true",
    "waf_enabled" = "true",
    "waf_ttl" = "180",
    "waf_ti_enabled" = "true",
    "cloudfirewall_enabled" = "true",
    "cloudfirewall_ttl" = "180",
    "cloudfirewall_ti_enabled" = "true",
    "ddos_coo_access_enabled" = "true",
    "ddos_coo_access_ttl" = "180",
    "ddos_coo_access_ti_enabled" = "true",
    "ddos_bgp_access_enabled" = "true",
    "ddos_bgp_access_ttl" = "180",
    "ddos_dip_access_enabled" = "true",
    "ddos_dip_access_ttl" = "180",
    "ddos_dip_access_ti_enabled" = "true",
    "sas_crack_enabled" = "true",
    "sas_dns_enabled" = "true",
    "sas_http_enabled" = "true",
    "sas_local_dns_enabled" = "true",
    "sas_login_enabled" = "true",
    "sas_network_enabled" = "true",
    "sas_process_enabled" = "true",
    "sas_security_alert_enabled" = "true",
    "sas_security_hc_enabled" = "true",
    "sas_security_vul_enabled" = "true",
    "sas_session_enabled" = "true",
    "sas_snapshot_account_enabled" = "true",
    "sas_snapshot_port_enabled" = "true",
    "sas_snapshot_process_enabled" = "true",
    "sas_ttl" = "180",
    "sas_ti_enabled" = "true",
    "apigateway_enabled" = "true",
    "apigateway_ttl" = "180",
    "apigateway_ti_enabled" = "true",
    "nas_enabled" = "true",
    "nas_ttl" = "180",
    "nas_ti_enabled" = "true",
    "appconnect_enabled" = "true",
    "appconnect_ttl" = "180",
    "cps_enabled" = "true",
    "cps_ttl" = "180",
    "cps_ti_enabled" = "true",
    "k8s_audit_enabled" = "true",
    "k8s_audit_collection_policy" = "",
    "k8s_audit_ttl" = "180",
    "k8s_event_enabled" = "true",
    "k8s_event_collection_policy" = "",
    "k8s_event_ttl" = "180",
    "k8s_ingress_enabled" = "true",
    "k8s_ingress_collection_policy" = "",
    "k8s_ingress_ttl" = "180",
    "appconnect_ti_enabled":"true"
  }
}