3.1.18 Ensure 'log_connections' is enabled

Information

Enabling the log_connections setting causes each attempted connection to the server to be logged, as well as successful completion of client authentication. This parameter cannot be changed after session start.

Rationale:

PostgreSQL does not maintain an internal record of attempted connections to the database for later auditing. It is only by enabling the logging of these attempts that one can determine if unexpected attempts are being made.

Solution

Execute the following SQL statement(s) to enable this setting:

postgres=# alter system set log_connections = 'on';
ALTER SYSTEM
postgres=# select pg_reload_conf();
pg_reload_conf
----------------
t
(1 row)

Default Value:

off

See Also

https://workbench.cisecurity.org/files/2306

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12, CSCv6|6, CSCv7|6.3

Plugin: PostgreSQLDB

Control ID: c63475f56b4b3ad4af50215a6fed78dfb8b15c9eb8e0a2474db8a37b6697d169