More Info:
Ensure that the “log_checkpoints” server parameter is enabled for all PostgreSQL database servers available within your Microsoft Azure cloud account. The “log_checkpoints” parameter allows checkpoints and restart points to be logged in the Azure PostgreSQL server log.
Risk Level
Medium
Address
Security
Compliance Standards
CISAZURE, CBP, HITRUST, SOC2, NISTCSF, PCIDSS
Triage and Remediation
Remediation
Using Console
To enable the “LOG_CHECKPOINTS” parameter for PostgreSQL servers in Azure from the portal, follow these steps:
- Open the Azure portal and navigate to the Azure Database for PostgreSQL service.
- Select the PostgreSQL server for which you want to enable the “LOG_CHECKPOINTS” parameter.
- Click on the “Configuration” option in the left-hand menu.
- Under the “Settings” tab, scroll down to the “Custom” section and click on the “+ Add” button.
- In the “Add Configuration Parameter” window, enter “log_checkpoints” in the “Name” field and “on” in the “Value” field.
- Click on the “OK” button to save the configuration parameter.
- Restart the PostgreSQL server for the changes to take effect.
Using CLI
To remediate the “LOG_CHECKPOINTS” parameter misconfiguration for PostgreSQL servers in Azure using Azure CLI, you can follow these steps:
- Open the Azure CLI on your local machine or through the Azure portal.
- Run the following command to log in to your Azure account:
- Once you are logged in, run the following command to list all the available PostgreSQL servers in your Azure account:
- Choose the server that you want to remediate and run the following command to get the current configuration settings:
  Make sure to replace <resource-group-name> and <server-name> with the actual names of your resource group and server.
- Identify whether the “LOG_CHECKPOINTS” parameter is set to “off” or not in the output of the above command.
- If the “LOG_CHECKPOINTS” parameter is set to “off”, run the following command to update the configuration and enable it:
  Again, replace <resource-group-name> and <server-name> with the actual names of your resource group and server.
- Verify the updated configuration by running the command in step 4 again.
- Repeat steps 5-7 for any other PostgreSQL servers that have the “LOG_CHECKPOINTS” parameter misconfiguration.
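The CLI steps above, looped over every server in the subscription, as an added example that is not part of the original page: it reads `log_checkpoints` for each server, enables it where it is not `on` when called with `apply`, and re-reads the value to verify. It assumes `az login` has already been run and that the servers are managed through the Single Server command group `az postgres server`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit log_checkpoints on every
# Azure Database for PostgreSQL server and optionally enable it.
# Assumptions: `az login` was already run; Single Server command group.
PARAM="log_checkpoints"
TAB="$(printf '\t')"

# Print one "<resource-group><TAB><server-name>" line per server.
list_servers() {
  az postgres server list --query "[].[resourceGroup, name]" --output tsv
}

# Print the current value of $PARAM for resource group $1, server $2.
get_param() {
  az postgres server configuration show --resource-group "$1" \
    --server-name "$2" --name "$PARAM" --query value --output tsv
}

# Set $PARAM to "on" for resource group $1, server $2.
enable_param() {
  az postgres server configuration set --resource-group "$1" \
    --server-name "$2" --name "$PARAM" --value on --output none
}

# Audit all servers; with "apply" as $1, enable the parameter where it is
# not "on" and re-read it to verify. Returns 1 if any server is still
# non-compliant at the end, 0 if all are compliant, 2 if listing failed.
check_log_checkpoints() {
  mode="${1:-audit}"
  bad=0
  servers="$(list_servers)" || return 2
  while IFS="$TAB" read -r rg name; do
    [ -n "$name" ] || continue
    value="$(get_param "$rg" "$name")" || value="unknown"
    if [ "$value" != "on" ] && [ "$mode" = "apply" ]; then
      enable_param "$rg" "$name" || true
      value="$(get_param "$rg" "$name")" || value="unknown"
    fi
    [ "$value" = "on" ] || bad=1
    printf '%s/%s %s=%s\n' "$rg" "$name" "$PARAM" "$value"
  done <<EOF
$servers
EOF
  return "$bad"
}
# Usage after sourcing this file: check_log_checkpoints        (audit only)
#                                 check_log_checkpoints apply  (remediate)
```

The non-zero return code in audit mode makes the function usable as a scheduled compliance check that fails when any server has drifted.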
Using Python
To enable the “LOG_CHECKPOINTS” parameter for PostgreSQL servers in Azure using Python, follow these steps:
- First, you need to connect to the Azure PostgreSQL server using the psycopg2 library in Python. You can install it using the following command:
- Once you have installed the psycopg2 library, you can use the following code snippet to connect to the Azure PostgreSQL server:
  Replace <your_server_name>, <your_database_name>, <your_username>, and <your_password> with your actual server details.
- After connecting to the Azure PostgreSQL server, you can execute the following SQL query to enable the “LOG_CHECKPOINTS” parameter:
  This query will enable the “LOG_CHECKPOINTS” parameter for the Azure PostgreSQL server.
- Finally, you can close the connection to the Azure PostgreSQL server using the following code:
  This will close the connection to the Azure PostgreSQL server.