Control: 6.9 Ensure server parameter 'log_duration is set to 'ON' for PostgreSQL Database Server

Description

Enable log_duration on PostgreSQL Servers.

Remediation

From Console

Logon to RDS Console.
In the upper-left corner, select the region of the target instance.
Locate the target instance, and click the instance ID to enter the Basic Information page.
In the left-side navigation pane, select Parameters.
Click the Edit icon of log_durantion parameter next the Actual Value column.
Enter On as the Actual Value and click Confirm.
Click Apply Changes.
In the message that appears, click Confirm.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_6_9

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_6_9 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when engine != 'PostgreSQL' then 'skip'
    when parameters -> 'RunningParameters' -> 'DBInstanceParameter' @> '[{"ParameterName": "log_duration", "ParameterValue": "on"}]' then 'ok'
    else 'alarm'
  end as status,
  case
    when engine != 'PostgreSQL' then title || ' is ' || engine || ' server.'
    when parameters -> 'RunningParameters' -> 'DBInstanceParameter' @> '[{"ParameterName": "log_duration", "ParameterValue": "on"}]' then title || ' ''log_duration'' parameter set to ''on''.'
    else title || ' ''log_duration'' parameter set to ''off''.'
  end as reason
  
  , account_id as account_id, region as region
from
  alicloud_rds_instance;

Control: 6.9 Ensure server parameter 'log_duration is set to 'ON' for PostgreSQL Database Server

Description

Remediation

From Console

Usage

SQL

Tags