Azure PostgreSQL Log Disconnections Not Enabled
ID: azure-postgres-log-disconnections-disabled
Severity: medium
Author: princechaddha
Tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config
Description
Ensure that the “log_disconnections” server parameter is enabled for all PostgreSQL database servers provisioned in your Microsoft Azure cloud account. The “log_disconnections” parameter enables the logging of session termination. The log output provides information similar to the one generated by the “log_connections” parameter, plus the duration of the session. Only Azure account admins can change this parameter at the session start, and it cannot be changed at all during a session.
YAML Source
```yaml
id: azure-postgres-log-disconnections-disabled

info:
  name: Azure PostgreSQL Log Disconnections Not Enabled
  author: princechaddha
  severity: medium
  description: |
    Ensure that the "log_disconnections" server parameter is enabled for all PostgreSQL database servers provisioned in your Microsoft Azure cloud account. The "log_disconnections" parameter enables the logging of session termination. The log output provides information similar to the one generated by the "log_connections" parameter, plus the duration of the session. Only Azure account admins can change this parameter at the session start, and it cannot be changed at all during a session.
  impact: |
    Failing to enable the "log_disconnections" parameter can hinder monitoring and auditing capabilities, potentially obscuring insights into database session activities and durations.
  remediation: |
    Enable the "log_disconnections" parameter for your Azure PostgreSQL servers to enhance security and auditing capabilities. This change must be made by an Azure account admin at the session start.
  reference:
    - https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs
  tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config

flow: |
  code(1);
  for (let ServerData of iterate(template.serverList)) {
    ServerData = JSON.parse(ServerData);
    set("name", ServerData.name);
    set("resourceGroup", ServerData.resourceGroup);
    code(2);
  }

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      az postgres server list --output json --query '[*].{"name":name, "resourceGroup":resourceGroup}'

    extractors:
      - type: json
        name: serverList
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az postgres server configuration show --server-name "$name" --resource-group "$resourceGroup" --name log_disconnections --query 'value'

    matchers:
      - type: word
        words:
          - 'off'

    extractors:
      - type: dsl
        dsl:
          - 'name + " in " + resourceGroup + " has log_disconnections disabled"'
# digest: 490a0046304402204f77dcd59190e68e75cb63ceb2678cc3a7e026d666683044bc97bdd01f709bf702203aee9e4338e022d7907642740944c2620a6efb2ed7fea614fb7593ddbd833b20:922c64590222798bb761d5b6d8e72950
```
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/azure/postgresql/azure-postgres-log-disconnections-disabled.yaml" -code
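The template only reports servers whose value is off; the remediation it describes can be scripted with the same az CLI. The following is an added example, not part of the template or the nuclei-templates project: the function names are hypothetical, it assumes an authenticated az session with rights to change server parameters, and it uses `az postgres server configuration set` to apply the fix.

```shell
#!/bin/sh
# Added example: audit log_disconnections on Azure PostgreSQL servers and,
# with --fix, turn it on. Function names are hypothetical.

# Print "name<TAB>resourceGroup" for every PostgreSQL server in the subscription.
list_servers() {
  az postgres server list --query '[].[name, resourceGroup]' --output tsv
}

# Print the current value of log_disconnections for one server ("on" or "off").
get_log_disconnections() {
  az postgres server configuration show --server-name "$1" --resource-group "$2" \
    --name log_disconnections --query value --output tsv
}

# audit_log_disconnections [--fix]
# Prints one line per non-compliant server.
# Returns 0 if every server is compliant (or was fixed), 1 if findings remain,
# 2 if the server list could not be retrieved.
audit_log_disconnections() {
  local fix rc tab servers name rg value
  fix="${1:-}"; rc=0; tab="$(printf '\t')"
  servers="$(list_servers)" || return 2
  while IFS="$tab" read -r name rg; do
    [ -n "$name" ] || continue
    # A failed lookup is reported as a finding instead of being silently skipped.
    value="$(get_log_disconnections "$name" "$rg" </dev/null)" || value="unknown"
    [ "$value" = "on" ] && continue
    echo "$name in $rg: log_disconnections=$value"
    if [ "$fix" = "--fix" ] && [ "$value" = "off" ]; then
      az postgres server configuration set --server-name "$name" \
        --resource-group "$rg" --name log_disconnections --value on \
        --output none </dev/null || rc=1
    else
      rc=1
    fi
  done <<EOF
$servers
EOF
  return "$rc"
}
```

Run `audit_log_disconnections` for a report-only pass, or `audit_log_disconnections --fix` to enable the parameter where it is off; a non-zero return makes it usable as a pipeline gate.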