Re: Ensure 'User' Runtime Parameters are Configured

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Muhammad Usman Khan <[email protected]>
To: pramod kg <[email protected]>
Cc: Pgsql-admin <[email protected]>
Subject: Re: Ensure 'User' Runtime Parameters are Configured
Date: Tue, 8 Oct 2024 08:20:59 +0500
Message-ID: <CAPnRvGsbFQt5sUYH-QgMyKHs7F8T2oOH8BAMzrWg84pNZq+psA@mail.gmail.com> (raw)
In-Reply-To: <CAHkcXnwDsxJDMyWK2ZvB+Rci7TJ=DmsPL9T7k4khMoscHk+7mw@mail.gmail.com>
References: <CAHkcXnwDsxJDMyWK2ZvB+Rci7TJ=DmsPL9T7k4khMoscHk+7mw@mail.gmail.com>

Hi,
There is not a predefined method to achieve this but you can get your
desired output by implementing the following logics:

   -   Enable Detailed Logging by setting the following parameters in
   postgresql.conf file:
     logging_collector = on
     log_statement = 'all'
     log_duration = on
   -   Implement Auditing with pgaudit
   -   Restrict Privileges
   -   Automated Reversion:
     Schedule a job that compares current settings with default_parameters
   and reverts any discrepancies.



On Mon, 7 Oct 2024 at 13:33, pramod kg <[email protected]> wrote:

> Hi All,
>
> There is a requirement to monitor run time parameters and revert back
> changes (As per CIS Benchmark report). Requirement is to monitor user
> session parameter changes. How to achieve this? Any guidance is appreciated
>
> Complete remediation given by CIS benchmark is as follows:
>
> In the matter of a user session, the login sessions must be validated that
> it is not executing
> undesired parameter changes. In the matter of attributes that have been
> changed in
> entities, they must be manually reverted to its default value(s).
>
>
> Regards,
> Pramod
>

view thread (2+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: Ensure 'User' Runtime Parameters are Configured
  In-Reply-To: <CAPnRvGsbFQt5sUYH-QgMyKHs7F8T2oOH8BAMzrWg84pNZq+psA@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox