From: Muhammad Usman Khan
Date: Tue, 8 Oct 2024 08:20:59 +0500
Subject: Re: Ensure 'User' Runtime Parameters are Configured
To: pramod kg
Cc: Pgsql-admin

Hi,

There is not a predefined method to achieve this but you can get your desired output by implementing the following logics:

- Enable Detailed Logging by setting the following parameters in postgresql.conf file:
    logging_collector = on
    log_statement = 'all'
    log_duration = on
- Implement Auditing with pgaudit
- Restrict Privileges
- Automated Reversion: Schedule a job that compares current settings with default_parameters and reverts any discrepancies.

On Mon, 7 Oct 2024 at 13:33, pramod kg wrote:
> Hi All,
>
> There is a requirement to monitor run time parameters and revert back
> changes (As per CIS Benchmark report). Requirement is to monitor user
> session parameter changes. How to achieve this? Any guidance is appreciated.
>
> Complete remediation given by CIS benchmark is as follows:
>
> In the matter of a user session, the login sessions must be validated that
> it is not executing undesired parameter changes. In the matter of attributes
> that have been changed in entities, they must be manually reverted to its
> default value(s).
>
> Regards,
> Pramod
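
One way to build the comparison job the reply describes, as an added example that is not part of the thread: it uses the standard catalogs `pg_settings` and `pg_db_role_setting`. The table `audit_baseline` is a hypothetical name standing in for the "default_parameters" list.

```sql
-- Added example. audit_baseline is a hypothetical table playing the role of
-- the "default_parameters" list mentioned in the reply.
CREATE TABLE IF NOT EXISTS audit_baseline (
    name    text PRIMARY KEY,
    setting text
);

-- 1. Record approved values once, connected as a role that has no
--    ALTER ROLE / ALTER DATABASE overrides. reset_val ignores any SET
--    issued in the capturing session itself.
INSERT INTO audit_baseline (name, setting)
SELECT name, reset_val
FROM pg_settings
WHERE context = 'user'
ON CONFLICT (name) DO NOTHING;

-- 2. Drift visible to the current session: user-context parameters whose
--    value differs from the baseline, with the source that set them
--    ('session', 'client', 'user', 'database', 'database user', ...).
SELECT s.name, s.setting AS current_value, b.setting AS approved_value, s.source
FROM pg_settings s
JOIN audit_baseline b USING (name)
WHERE s.context = 'user'
  AND s.setting IS DISTINCT FROM b.setting
ORDER BY s.name;

-- 3. Persistent overrides stored with ALTER ROLE ... SET or
--    ALTER DATABASE ... SET, plus a RESET statement for each one.
--    Review the generated statements before running any of them.
SELECT coalesce(r.rolname, 'ALL')  AS role_name,
       d.datname                   AS database_name,
       cfg                         AS override,
       format('ALTER ROLE %s%s RESET %s;',
              CASE WHEN r.rolname IS NULL THEN 'ALL'
                   ELSE quote_ident(r.rolname) END,
              coalesce(' IN DATABASE ' || quote_ident(d.datname), ''),
              split_part(cfg, '=', 1)) AS revert_statement
FROM pg_db_role_setting s
CROSS JOIN LATERAL unnest(s.setconfig) AS cfg
LEFT JOIN pg_roles    r ON r.oid = s.setrole
LEFT JOIN pg_database d ON d.oid = s.setdatabase
ORDER BY 1, 2, 3;
```

`pg_settings` reflects only the session that runs the query, so a `SET` issued in another user's session never appears in step 2; those changes are visible only through the statement logging or pgaudit output listed in the reply.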