3.1.23 Ensure 'log_hostname' is set correctly

Information

Enabling the log_hostname setting causes the hostname of the connecting host to be logged in addition to the host's IP address for connection log messages. Disabling the setting causes only the connecting host's IP address to be logged, and not the hostname. Unless your organization's logging policy requires hostname logging, it is best to disable this setting so as not to incur the overhead of DNS resolution for each statement that is logged.

Rationale:

Depending on your hostname resolution setup, enabling this setting might impose a non-negligible performance penalty. Additionally, the IP addresses that are logged can be resolved to their DNS names when reviewing the logs (unless dynamic hostnames are being used as part of your DHCP setup).

Solution

Execute the following SQL statement(s) to remediate this setting (in this example, to off):

postgres=# alter system set log_hostname='off';
ALTER SYSTEM
postgres=# select pg_reload_conf();
pg_reload_conf
----------------
t
(1 row)

Default Value:

off

See Also

https://workbench.cisecurity.org/benchmarks/17004

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: PostgreSQLDB

Control ID: b9dbe1a005fbf02c4d76da9ee66e04a1f4121c9a7e5adcf8a0a8a845de308a98