GCP Introduction
GCP Pricing
GCP Threats
GCP Misconfigurations
- Getting Started with GCP Audit
- CloudSql Audit
- Cloud Tasks Monitoring
- Dataflow Monitoring
- Function Monitoring
- Monitoring Compliance
- PubSubLite Monitoring
- Spanner Monitoring
- NoSQL Monitoring
- Compute Audit
- IAM Audit
- BigQuery Monitoring
- CDN Monitoring
- DNS Monitoring
- KMS Monitoring
- Kubernetes Audit
- Load Balancer Monitoring
- Log Monitoring
- Storage Audit
- Pub/Sub Monitoring
- VPC Audit
- IAM Deep Dive
GCP Threats
PostgreSQL Log Planner Stats Flag Should Be Off
More Info:
Ensure that the log_planner_stats database flag for a Cloud SQL PostgreSQL instance is set to off.
Risk Level
Low
Address
Reliability, Security
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the PostgreSQL Log Planner Stats Flag misconfiguration for GCP using GCP console, you can follow the below steps:
- Login to your GCP console.
- Navigate to the Cloud SQL instances page.
- Select the instance that you want to remediate.
- Click on the Edit button at the top of the page.
- Scroll down to the Flags section and click on the Add flag button.
- In the Flag name field, enter “log_planner_stats” (without quotes).
- In the Flag value field, enter “off” (without quotes).
- Click on the Save button at the bottom of the page to save the changes.
Once you have completed these steps, the PostgreSQL Log Planner Stats flag will be set to off, and the misconfiguration will be remediated.
To remediate the PostgreSQL Log Planner Stats Flag misconfiguration in GCP using GCP CLI, you can follow the below steps:
-
Open the Cloud Shell in your GCP console.
-
Run the following command to list all the instances in your project:
gcloud sql instances list -
Identify the instance for which you want to remediate the misconfiguration and note down its instance name.
-
Run the following command to get the current value of the PostgreSQL log_planner_stats flag:
gcloud sql instances describe [INSTANCE_NAME] --format="value(settings.postgresql.log_planner_stats)"Replace [INSTANCE_NAME] with the name of your instance.
-
If the output of the above command is “on”, then run the following command to turn off the PostgreSQL log_planner_stats flag:
gcloud sql instances patch [INSTANCE_NAME] --database-flags log_planner_stats=offReplace [INSTANCE_NAME] with the name of your instance.
-
Verify the PostgreSQL log_planner_stats flag has been turned off by running the following command:
gcloud sql instances describe [INSTANCE_NAME] --format="value(settings.postgresql.log_planner_stats)"Replace [INSTANCE_NAME] with the name of your instance.
-
Ensure that the PostgreSQL log_planner_stats flag is turned off for all the instances in your project to avoid any further misconfiguration.
By following the above steps, you can remediate the PostgreSQL Log Planner Stats Flag misconfiguration in GCP using GCP CLI.
To remediate the “PostgreSQL Log Planner Stats Flag Should Be Off” misconfiguration for GCP using Python, you can follow the below steps:
Step 1: Import the required libraries
from google.cloud import bigquery
from google.oauth2 import service_account
Step 2: Set up the authentication credentials
credentials = service_account.Credentials.from_service_account_file('path/to/credentials.json')
Step 3: Create a BigQuery client object
client = bigquery.Client(project='project_id', credentials=credentials)
Step 4: Run the following query to check the current value of the log_planner_stats flag:
query = """
SELECT name, setting
FROM pg_settings
WHERE name = 'log_planner_stats'
"""
query_job = client.query(query)
results = query_job.result()
for row in results:
print("{}: {}".format(row.name, row.setting))
Step 5: If the value of log_planner_stats is on, run the following query to turn it off:
update_query = """
ALTER SYSTEM SET log_planner_stats = off
"""
update_job = client.query(update_query)
update_job.result()
Note: This query will update the configuration file for PostgreSQL, but it will not take effect until the database is restarted.
Step 6: Verify that the log_planner_stats flag is now set to off by running the query in Step 4 again.
By following the above steps, you can remediate the “PostgreSQL Log Planner Stats Flag Should Be Off” misconfiguration for GCP using Python.