turbot/gcp_compliance

Control: 6.2.3 Ensure that the 'log_disconnections' database flag for Cloud SQL PostgreSQL instance is set to 'on'

Description

Enabling the log_disconnections setting logs the end of each session, including the session duration.

PostgreSQL does not log session details such as duration and session end by default. Enabling the log_disconnections setting will create log entries at the end of each session which can be useful in troubleshooting issues and determine any unusual activity across a time period. The log_disconnections and log_connections work hand in hand and generally, the pair would be enabled/disabled together. This recommendation is applicable to PostgreSQL database instances.

Remediation

From Console

  1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
  2. Select the PostgreSQL instance where the database flag needs to be enabled.
  3. Click Edit.
  4. Scroll down to the Flags section.
  5. To set a flag that has not been set on the instance before, click Add item, choose the flag log_disconnections from the drop-down menu and set the value as on.
  6. Click Save.
  7. Confirm the changes under Flags on the Overview page.

From Command Line

  1. Configure the log_disconnections database flag for every Cloud SQL PosgreSQL database instance using the below command:
gcloud sql instances patch <INSTANCE_NAME> --database-flags log_disconnections=on

Note: This command will overwrite all previously setdatabase flags. To keep those and add new ones, include the values for all flags to be set on the instance; any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign ("=").

Default Value

By default log_disconnections is off.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.cis_v200_6_2_3

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.cis_v200_6_2_3 --share

SQL

This control uses a named query:

sql_instance_postgresql_log_disconnections_database_flag_on

Tags