Risk Level: Low
Description:
For the PostgreSQL server, this plugin guarantees logs are configured to be kept for at least 4 days. The "log retention days" parameter specifies the number of days that log data should be kept for databases hosted on Azure PostgreSQL servers. A long log retention policy ensures that all key logs are kept for a long enough time that they may be accessed and viewed in the event of a security breach.
Recommended Action: Ensure the server parameters for each PostgreSQL server have the log_retention_days setting set to 4 or more days.
Configuration Parameters
Minimum Log Retention In Days: This parameter denotes the threshold of the minimum number of retention days for the logs. If the log retention period is set for lesser than the specified days, it will show an alert.
By default, the value is set to 3, so it will generate vulnerability if the number of days is less than 3.
About the Service :
The PostgreSQL Community Edition database engine powers Azure Database for PostgreSQL, a relational database service in the Microsoft cloud. Azure Database for PostgreSQL includes built-in quality, data protection, and automated maintenance for the underlying hardware, operating system, and database engine, among other features.
Impact:
If the log retention period is set to 3 or fewer days, you will not be able to collect a sufficient amount of logging data required to identify and troubleshoot any PostgreSQL security and performance issues. Query logs and error logs are two types of logging data that can be used to identify anomalies and potential security breaches, as well as misuse of information and unauthorized access to PostgreSQL databases.
Steps to reproduce :
- Sign in to Azure Management Console.
- Navigate to the Azure All Resources portal at: https://portal.azure.com/#blade/HubsExtension/BrowseAll
- From the Type filter available at the filter bar, select the resource type as only Azure Database for PostgreSQL server.
- Select the name of the PostgreSQL database server that you want to examine from all the listed servers.
- In the navigation panel, select Server Parameters.
- In the search bar, search for log_retention_days.
- Check the value within the Value column.
- If it is set to 3 or fewer days, the "log_retention_days" parameter value is not compliant, therefore the selected Azure PostgreSQL database
- Repeat steps no. 3 – 8 for each PostgreSQL database server provisioned in the current Azure subscription as well as in other subscriptions in your Microsoft Azure cloud account.
Steps for remediation :
- Sign in to Azure Management Console.
- Navigate to the Azure All Resources portal at: https://portal.azure.com/#blade/HubsExtension/BrowseAll
- From the Type filter available at the filter bar, select the resource type as only Azure Database for PostgreSQL server.
- Select the name of the PostgreSQL database server that you want to examine from all the listed servers.
- In the navigation panel, select Server Parameters.
- In the search bar, search for log_retention_days.
- Set the value within the Value column to 4 or more days.
- Click Save to save the changes.
- Repeat steps no. 3 - 10 to reconfigure other PostgreSQL database servers provisioned in all your Azure subscriptions.
References:
- https://docs.microsoft.com/en-us/azure/postgresql/concepts-monitoring
- https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs
Please feel free to reach out to support@pingsafe.ai with any questions that you may have.
Thanks
PingSafe Support