Ensure 'log_hostname' is set correctly

Description

Enabling the log_hostname setting causes the hostname of the connecting host to be logged in addition to the host's IP address for connection log messages. Disabling the setting causes only the connecting host's IP address to be logged, and not the hostname. Unless your organization's logging policy requires hostname logging, it is best to disable this setting so as not to incur the overhead of DNS resolution for each statement that is logged.

Rationale

Depending on your hostname resolution setup, enabling this setting might impose a non-negligible performance penalty. Additionally, the IP addresses that are logged can be resolved to their DNS names when reviewing the logs (unless dynamic host names are being used as part of your DHCP setup).

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     rds
secureclouddb/engine      postgres

Default Rule

const { checkServerSetting } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @param {Object} [parameters] - rule parameters; log_hostname holds the expected value ('off' by default)
 * @returns {{success: boolean}} success is true if log_hostname is set correctly (off by default)
 */
function validate(databaseSettings, parameters = { log_hostname : 'off' }) {
    const settingName = 'log_hostname'
    const expectedValue = parameters.log_hostname
    // Compare the reported value of log_hostname with the expected value
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)
    return {
        success,
    }
}

// invoke
// TODO: add parameters
validate(databaseSettings);
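
The default expected value above is the string 'off', but PostgreSQL accepts several spellings of a boolean setting (on/off, true/false, yes/no, 1/0, case-insensitive, plus unambiguous prefixes). The following is an added example, not the platform's checkServerSetting: it assumes a hypothetical array of { name, value } settings and shows a comparison that normalizes those spellings and fails closed on missing or unparseable values.

```javascript
// Added example: function names and the settings shape are assumptions.

// PostgreSQL boolean spellings; unambiguous prefixes of these are also accepted.
const TRUE_WORDS = ['on', 'true', 'yes', '1']
const FALSE_WORDS = ['off', 'false', 'no', '0']

/**
 * Parse a PostgreSQL boolean setting value.
 * @returns {boolean|null} null when the value is not a valid, unambiguous boolean
 */
function parsePgBoolean(raw) {
    if (raw === null || raw === undefined) return null
    const v = String(raw).trim().toLowerCase()
    if (v === '') return null
    const matchesTrue = TRUE_WORDS.some(w => w.startsWith(v))
    const matchesFalse = FALSE_WORDS.some(w => w.startsWith(v))
    if (matchesTrue === matchesFalse) return null // no match, or ambiguous such as "o"
    return matchesTrue
}

/**
 * Check one boolean setting against the expected state.
 * @param {Array<{name: string, value: *}>} settings - hypothetical settings shape
 * @returns {{success: boolean, reason: string}}
 */
function checkBooleanSetting(settings, settingName, expectedValue) {
    const expected = parsePgBoolean(expectedValue)
    if (expected === null) return { success: false, reason: 'invalid expected value' }
    const entry = settings.find(s => s.name === settingName)
    if (!entry) return { success: false, reason: 'setting not reported' }
    const actual = parsePgBoolean(entry.value)
    if (actual === null) return { success: false, reason: 'unparseable value' }
    const success = actual === expected
    return { success, reason: success ? 'match' : 'mismatch' }
}

// Constructed sample data, not taken from a real instance.
const sampleCompliant = [
    { name: 'log_connections', value: '1' },
    { name: 'log_hostname', value: '0' },
]
const sampleEnabled = [{ name: 'log_hostname', value: 'ON' }]

console.log(checkBooleanSetting(sampleCompliant, 'log_hostname', 'off'))
console.log(checkBooleanSetting(sampleEnabled, 'log_hostname', 'off'))
```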