Skip to content

Ensure 'log_disconnections' is enabled

Description

Enabling the log_disconnections setting logs the end of each session, including session duration.

This parameter cannot be changed after session start.

Rationale

PostgreSQL does not maintain the beginning or ending of a connection internally for later review.

It is only by enabling the logging of these that one can examine connections for failed attempts, 'over long' duration, or other anomalies.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine postgres

Default Rule

const { checkServerSetting } = module
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if the disconnections are being logged
 */

function validate(databaseSettings) {

    const settingName = 'log_disconnections'
    const expectedValue = "on"
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)

    return {
        success,
    }
}

// invoke
validate(databaseSettings);