Control: 6.8 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
Description
Enable log_disconnections on PostgreSQL Servers.
Remediation
From Console
- Login to RDS Console.
- In the upper-left corner, select the region of the target instance.
- Locate the target instance, and click the instance ID to enter the
Basic Informationpage. - In the left-side navigation pane, select
Parameters. - Click the
Editicon oflog_disconnectionsparameter next theActual Valuecolumn. - Enter
Onas theActual Valueand clickConfirm. - Click
Apply Changes. - In the message that appears, click
Confirm.
Usage
Run the control in your terminal:
powerpipe control run alicloud_compliance.control.cis_v100_6_8Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run alicloud_compliance.control.cis_v100_6_8 --shareSQL
This control uses a named query:
select arn as resource, case when engine != 'PostgreSQL' then 'skip' when parameters -> 'RunningParameters' -> 'DBInstanceParameter' @> '[{"ParameterName": "log_disconnections", "ParameterValue": "on"}]' then 'ok' else 'alarm' end as status, case when engine != 'PostgreSQL' then title || ' is ' || engine || ' server.' when parameters -> 'RunningParameters' -> 'DBInstanceParameter' @> '[{"ParameterName": "log_disconnections", "ParameterValue": "on"}]' then title || ' ''log_disconnections'' parameter set to ''on''.' else title || ' ''log_disconnections'' parameter set to ''off''.' end as reason , account_id as account_id, region as regionfrom alicloud_rds_instance;