admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-01 08:13:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba03e54063a94de8155adf476dc07e5b39bca341
nuclei-templates/cloud/azure/postgresql/azure-postgres-log-duration-disabled.yaml
Prince Chaddha ea7a5969c8 Revert "chore: update TemplateMan 🤖" 
This reverts commit c31d574176.
2025-05-27 10:39:47 +08:00

55 lines
2.2 KiB
YAML
Raw Blame History

id: azure-postgres-log-duration-disabled
info:
name: Azure PostgreSQL Log Duration Not Enabled
author: princechaddha
severity: medium
description: |
Ensure that "log_duration" server parameter is enabled for all PostgreSQL database servers created in your Microsoft Azure cloud account. Once enabled, the "log_duration" parameter allows recording the duration of each completed PostgreSQL statement. Only users with administrative privileges can change this setting within Azure PostgreSQL server configuration. For database clients using extended query protocol, the duration of the "Parse", "Bind", and "Execute" steps is logged independently.
impact: |
Disabling the "log_duration" parameter prevents logging of query execution times, which is crucial for performance analysis and security auditing.
remediation: |
Enable the "log_duration" parameter in Azure PostgreSQL server configurations to ensure comprehensive logging of query durations for security and performance analysis.
reference:
- https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs
tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config
flow: |
code(1);
for (let ServerData of iterate(template.serverList)) {
ServerData = JSON.parse(ServerData);
set("name", ServerData.name);
set("resourceGroup", ServerData.resourceGroup);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az postgres server list --output json --query '[*].{"name":name,"resourceGroup":resourceGroup}'
extractors:
- type: json
name: serverList
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az postgres server configuration show --server-name "$name" --resource-group "$resourceGroup" --name log_duration --query 'value'
matchers:
- type: word
words:
- 'off'
extractors:
- type: dsl
dsl:
- 'name + " in " + resourceGroup + " has log_duration disabled"'
# digest: 490a0046304402203017e10950a2d5cbbde2b8b1e6ea6c3873156078d5fbafedd35fc4f89be9bbc1022030a6361e9ad0b311afbe10e74e29841c1ebfd6bb4f3e6b96f12d0f4859762c73:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink