nuclei-templates/cloud/azure/postgresql/azure-postgres-log-disconne...

id: azure-postgres-log-disconnections-disabled
info:
  name: Azure PostgreSQL Log Disconnections Not Enabled
  author: princechaddha
  severity: medium
  description: |
    Ensure that the "log_disconnections" server parameter is enabled for all PostgreSQL database servers provisioned in your Microsoft Azure cloud account. The "log_disconnections" parameter enables the logging of session termination. The log output provides information similar to the one generated by the "log_connections" parameter, plus the duration of the session. Only Azure account admins can change this parameter at the session start, and it cannot be changed at all during a session.
  impact: |
    Failing to enable the "log_disconnections" parameter can hinder monitoring and auditing capabilities, potentially obscuring insights into database session activities and durations.
  remediation: |
    Enable the "log_disconnections" parameter for your Azure PostgreSQL servers to enhance security and auditing capabilities. This change must be made by an Azure account admin at the session start.
  reference:
    - https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs
  tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config

flow: |
  code(1);
  for (let ServerData of iterate(template.serverList)) {
    ServerData = JSON.parse(ServerData);
    set("name", ServerData.name);
    set("resourceGroup", ServerData.resourceGroup);
    code(2);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az postgres server list --output json --query '[*].{"name":name, "resourceGroup":resourceGroup}'

    extractors:
      - type: json
        name: serverList
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az postgres server configuration show --server-name "$name" --resource-group "$resourceGroup" --name log_disconnections --query 'value'

    matchers:
      - type: word
        words:
          - 'off'

    extractors:
      - type: dsl
        dsl:
          - 'name + " in " + resourceGroup + " has log_disconnections disabled"'
# digest: 4a0a00473045022100ef27e47360ee1f0d048724a45804a270004c9e2ad894568ab7ccdc34d1101a1202201d8702bc0af4b22470025c2b97f01eaaf6e0c1d0dd86d60fb8266ea6eed5fd42:922c64590222798bb761d5b6d8e72950
added postgresql + redis + search + securitycenter + servicebus + tags templates 2024-09-07 09:36:05 +00:00			`id: azure-postgres-log-disconnections-disabled`
			`info:`
			`name: Azure PostgreSQL Log Disconnections Not Enabled`
			`author: princechaddha`
			`severity: medium`
			`description: \|`
			`Ensure that the "log_disconnections" server parameter is enabled for all PostgreSQL database servers provisioned in your Microsoft Azure cloud account. The "log_disconnections" parameter enables the logging of session termination. The log output provides information similar to the one generated by the "log_connections" parameter, plus the duration of the session. Only Azure account admins can change this parameter at the session start, and it cannot be changed at all during a session.`
			`impact: \|`
			`Failing to enable the "log_disconnections" parameter can hinder monitoring and auditing capabilities, potentially obscuring insights into database session activities and durations.`
			`remediation: \|`
			`Enable the "log_disconnections" parameter for your Azure PostgreSQL servers to enhance security and auditing capabilities. This change must be made by an Azure account admin at the session start.`
			`reference:`
			`- https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs`
			`tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config`

			`flow: \|`
			`code(1);`
			`for (let ServerData of iterate(template.serverList)) {`
			`ServerData = JSON.parse(ServerData);`
			`set("name", ServerData.name);`
			`set("resourceGroup", ServerData.resourceGroup);`
			`code(2);`
			`}`

			`self-contained: true`
			`code:`
			`- engine:`
			`- sh`
			`- bash`
			`source: \|`
			`az postgres server list --output json --query '[*].{"name":name, "resourceGroup":resourceGroup}'`

			`extractors:`
			`- type: json`
			`name: serverList`
			`internal: true`
			`json:`
			`- '.[]'`

			`- engine:`
			`- sh`
			`- bash`
			`source: \|`
			`az postgres server configuration show --server-name "$name" --resource-group "$resourceGroup" --name log_disconnections --query 'value'`

			`matchers:`
			`- type: word`
			`words:`
			`- 'off'`

			`extractors:`
			`- type: dsl`
			`dsl:`
			`- 'name + " in " + resourceGroup + " has log_disconnections disabled"'`
chore: sign templates 🤖 2024-09-12 05:59:14 +00:00			`# digest: 4a0a00473045022100ef27e47360ee1f0d048724a45804a270004c9e2ad894568ab7ccdc34d1101a1202201d8702bc0af4b22470025c2b97f01eaaf6e0c1d0dd86d60fb8266ea6eed5fd42:922c64590222798bb761d5b6d8e72950`