Enable "LOG_CHECKPOINTS" Parameter for PostgreSQL Servers

More Info:

Ensure that “log_checkpoints” server parameter is enabled for all PostgreSQL database servers available within your Microsoft Azure cloud account. The “log_checkpoints” parameter allows checkpoints and restart points to be logged in the Azure PostgreSQL server log.

Risk Level

Medium

Address

Security

Compliance Standards

CISAZURE, CBP, HITRUST, SOC2, NISTCSF, PCIDSS

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the “LOG_CHECKPOINTS” parameter misconfiguration for PostgreSQL servers in Azure using Azure CLI, you can follow these steps:

Open the Azure CLI on your local machine or through the Azure portal.
Run the following command to log in to your Azure account:

az login

Once you are logged in, run the following command to list all the available PostgreSQL servers in your Azure account:

az postgres server list

Choose the server that you want to remediate and run the following command to get the current configuration settings:

az postgres server configuration list --resource-group <resource-group-name> --server-name <server-name>

Make sure to replace <resource-group-name> and <server-name> with the actual names of your resource group and server.

Identify whether the “LOG_CHECKPOINTS” parameter is set to “off” or not in the output of the above command.
If the “LOG_CHECKPOINTS” parameter is set to “off”, run the following command to update the configuration and enable it:

az postgres server configuration set --resource-group <resource-group-name> --server-name <server-name> --name log_checkpoints --value on

Again, replace <resource-group-name> and <server-name> with the actual names of your resource group and server.

Verify the updated configuration by running the command in step 4 again.
Repeat steps 5-7 for any other PostgreSQL servers that have the “LOG_CHECKPOINTS” parameter misconfiguration.

By following these steps, you can remediate the “LOG_CHECKPOINTS” parameter misconfiguration for PostgreSQL servers in Azure using Azure CLI.

Using Python

To remediate the misconfiguration of enabling the “LOG_CHECKPOINTS” parameter for PostgreSQL servers in Azure using Python, you can follow the below steps:

First, you need to connect to the Azure PostgreSQL server using the psycopg2 library in Python. You can install it using the following command:
```
!pip install psycopg2-binary
```
Once you have installed the psycopg2 library, you can use the following code snippet to connect to the Azure PostgreSQL server:
```
import psycopg2

conn = psycopg2.connect(
    host="your_server_name.postgres.database.azure.com",
    database="your_database_name",
    user="your_username@your_server_name",
    password="your_password"
)
```
Replace the <your_server_name>, <your_database_name>, <your_username>, and <your_password> with your actual server details.
After connecting to the Azure PostgreSQL server, you can execute the following SQL query to enable the “LOG_CHECKPOINTS” parameter:
```
with conn.cursor() as cur:
    cur.execute("ALTER SYSTEM SET log_checkpoints = on;")
    conn.commit()
```
This query will enable the “LOG_CHECKPOINTS” parameter for the Azure PostgreSQL server.
Finally, you can close the connection to the Azure PostgreSQL server using the following code:
```
conn.close()
```
This will close the connection to the Azure PostgreSQL server.

By following the above steps, you can remediate the misconfiguration of enabling the “LOG_CHECKPOINTS” parameter for PostgreSQL servers in Azure using Python.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Enable "LOG_CHECKPOINTS" Parameter for PostgreSQL Servers

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation