Ensure 'log_connections' is enabled

Description

Enabling the log_connections setting causes each attempted connection to the server to be logged, as well as successful completion of client authentication.

This parameter cannot be changed after session start.

Rationale

PostgreSQL does not maintain an internal record of attempted connections to the database for later auditing.

It is only by enabling the logging of these attempts that one can determine if unexpected attempts are being made.
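
As an added example (not part of this rule's own code), the script below reads the `connection received` and `connection authorized` messages that log_connections writes, then reports hosts outside an expected set and attempts that never completed authentication. The log lines are constructed, and the line-prefix layout, the EXPECTED_HOSTS allow-list and the auditConnections name are assumptions.

```javascript
// Constructed sample lines. The prefix layout is an assumption; only the
// "[pid]" field and the message text written by log_connections are parsed.
const SAMPLE_LOG = [
  '2024-05-01 10:00:01 UTC:198.51.100.7(40112):[unknown]@[unknown]:[2101]:LOG:  connection received: host=198.51.100.7 port=40112',
  '2024-05-01 10:00:01 UTC:198.51.100.7(40112):app@orders:[2101]:LOG:  connection authorized: user=app database=orders',
  '2024-05-01 10:02:11 UTC:203.0.113.50(51800):[unknown]@[unknown]:[2102]:LOG:  connection received: host=203.0.113.50 port=51800',
  '2024-05-01 10:02:11 UTC:203.0.113.50(51800):admin@postgres:[2102]:FATAL:  password authentication failed for user "admin"',
  '2024-05-01 10:02:14 UTC:203.0.113.50(51802):[unknown]@[unknown]:[2103]:LOG:  connection received: host=203.0.113.50 port=51802',
  '2024-05-01 10:05:00 UTC:198.51.100.7(40120):[unknown]@[unknown]:[2101]:LOG:  connection received: host=198.51.100.7 port=40120',
  '2024-05-01 10:05:00 UTC:198.51.100.7(40120):app@orders:[2101]:LOG:  connection authorized: user=app database=orders',
];

// Hypothetical allow-list of client addresses expected to connect.
const EXPECTED_HOSTS = new Set(['198.51.100.7']);

function auditConnections(lines, expectedHosts) {
  const attempts = [];         // one entry per "connection received" line
  const openByPid = new Map(); // backend pid -> its most recent attempt
  for (const line of lines) {
    const pid = (/\[(\d+)\]/.exec(line) || [])[1];
    if (pid === undefined) continue;
    const received = /connection received: host=(\S+)/.exec(line);
    if (received) {
      // Backend pids are reused, so each "received" line starts a new attempt.
      const attempt = { host: received[1], authorized: false, user: null };
      attempts.push(attempt);
      openByPid.set(pid, attempt);
      continue;
    }
    const authorized = /connection authorized: user=(\S+)/.exec(line);
    const attempt = openByPid.get(pid);
    if (authorized && attempt) {
      attempt.authorized = true;
      attempt.user = authorized[1];
    }
  }
  const unauthorizedByHost = {};
  const unexpectedHosts = new Set();
  for (const a of attempts) {
    if (!expectedHosts.has(a.host)) unexpectedHosts.add(a.host);
    if (!a.authorized) unauthorizedByHost[a.host] = (unauthorizedByHost[a.host] || 0) + 1;
  }
  return { total: attempts.length, unauthorizedByHost, unexpectedHosts: [...unexpectedHosts] };
}

console.log(auditConnections(SAMPLE_LOG, EXPECTED_HOSTS));
```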

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     rds
secureclouddb/engine      postgres

Default Rule

const { checkServerSetting } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if connections are being logged
 */
function validate(databaseSettings) {
    // Server setting to check and the value that satisfies this rule
    const settingName = 'log_connections'
    const expectedValue = 'on'
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)

    return {
        success,
    }
}

// invoke
validate(databaseSettings);