Database logging rule

Ensure database logging is enabled to maintain compliance

Rule: Database logging should be enabled
Framework: CISA-cyber-essentials
Severity: Low

Database Logging for CISA Cyber Essentials

Rule Description

Database logging should be enabled for CISA Cyber Essentials to ensure effective monitoring, auditing, and troubleshooting of database activities. By enabling database logging, organizations can capture and store a comprehensive set of log information that can be utilized for analysis, compliance, and incident response purposes.

Troubleshooting Steps

If database logging is not enabled for CISA Cyber Essentials, the following troubleshooting steps can be followed:

  1. Check Database Logging Status: Verify the current status of database logging in the system. This can be done by accessing the database management system's administrative interface or by executing relevant SQL queries.

  2. Review System Logs: Inspect system logs to identify any entries related to database logging issues. Look for error messages, warnings, or indications of the logging feature being disabled or misconfigured.

  3. Check Database Configuration: Ensure that the database settings are properly configured to enable logging. Review the database documentation or consult with a database administrator to understand the correct configuration parameters.

  4. Verify Database User Permissions: Make sure that the user account used for accessing the database has the necessary permissions to enable and manage database logging. Grant the required privileges if necessary.

  5. Restart Database Service: In some cases, enabling database logging may require restarting the database service to enforce the new configuration. Check the database documentation for the appropriate steps to restart the service.

  6. Test Logging Functionality: Validate that logging is functioning as expected by performing test operations on the database and verifying the corresponding logs. This can include creating, modifying, or deleting database records and ensuring the actions are logged appropriately.

Code Samples

Depending on the database management system in use, specific configuration settings may vary. Here are some example code snippets for enabling database logging in commonly used systems:

MySQL

To enable database logging in MySQL, add the following lines to the MySQL configuration file (my.cnf or my.ini):

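[mysqld]
...
# Write every statement the server receives to the general query log
general_log=1
# Log file location; the MySQL service account must be able to write here
general_log_file=/var/log/mysql/mysql.log

After making the changes, restart the MySQL service to apply the new configuration. The general query log records every statement the server receives, so monitor disk usage and rotate the log file.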

PostgreSQL

To enable database logging in PostgreSQL, modify the postgresql.conf file and set the following parameters:

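logging_collector = on                # capture server log output into files
log_destination = 'stderr'
log_directory = 'pg_log'              # relative to the data directory
log_filename = 'postgresql-%a.log'    # one file per weekday
log_statement = 'all'                 # log every SQL statement

Save the changes and restart the PostgreSQL service for the configuration to take effect. Because log_statement = 'all' writes full statement text to the log, restrict read access to the log directory.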

SQL Server

To enable database logging in SQL Server, execute the following SQL command:

EXEC sys.sp_cdc_enable_db;

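This will enable the Change Data Capture feature, which provides detailed logging of database changes. Run the command in the context of the target database; capture begins only for tables subsequently enabled with sys.sp_cdc_enable_table, and CDC records data changes (inserts, updates, deletes), not logins or read access.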
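
The MySQL and PostgreSQL settings listed above can be checked directly in the configuration files, which is what troubleshooting step 3 asks for. The following Python sketch is an added example, not CloudDefense code; the function names and the sample file contents are constructed for illustration.

```python
import re

TRUTHY = {"1", "on", "true", "yes"}

def parse_settings(text, section=None):
    """Return {key: value}, last assignment wins. With section set, read
    only lines under that [section] header (my.cnf style)."""
    settings, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            continue
        if section is not None and current != section:
            continue
        # key, optional "=", then a quoted or bare value; trailing "# ..." ignored
        m = re.match(r"([\w.-]+)\s*=?\s*('[^']*'|[^#\s]*)", line)
        if m:
            key = m.group(1).lower().replace("-", "_")   # general-log == general_log
            settings[key] = m.group(2).strip("'\"")
    return settings

def check_mysql(cnf_text):
    s, findings = parse_settings(cnf_text, section="mysqld"), []
    # A bare "general_log" line (empty value) also turns the log on.
    if s.get("general_log", "0").lower() not in TRUTHY | {""}:
        findings.append("general_log is not enabled")
    if not s.get("general_log_file"):
        findings.append("general_log_file is not set")
    return findings

def check_postgresql(conf_text):
    s, findings = parse_settings(conf_text), []
    if s.get("logging_collector", "off").lower() not in TRUTHY:
        findings.append("logging_collector is off")
    if s.get("log_statement", "none").lower() != "all":
        findings.append("log_statement is not 'all'")
    return findings

# Constructed sample inputs, not taken from a real host.
MYSQL_OK = "[client]\ngeneral_log=0\n[mysqld]\ngeneral-log = ON\ngeneral_log_file= /var/log/mysql/mysql.log\n"
MYSQL_BAD = "[mysqld]\n# general_log=1\ngeneral_log=0\n"
PG_BAD = "logging_collector = on\nlog_statement = 'all'\nlog_statement = 'ddl'  # later line wins\n"

if __name__ == "__main__":
    for name, result in [("mysql ok", check_mysql(MYSQL_OK)), ("mysql bad", check_mysql(MYSQL_BAD)),
                         ("postgres bad", check_postgresql(PG_BAD))]:
        print(name, "->", result or "compliant")
```

A file check does not see values changed at runtime (SET GLOBAL in MySQL, ALTER SYSTEM in PostgreSQL), so it complements rather than replaces the status query in troubleshooting step 1.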

Remediation Steps

To enable database logging for CISA Cyber Essentials, follow these step-by-step remediation instructions:

  1. Identify the Database Management System: Determine the specific database management system used for CISA Cyber Essentials. This could be MySQL, PostgreSQL, SQL Server, or another commonly used system.

  2. Access the Database Administration Interface: Connect to the administrative interface or tool provided by the chosen database management system. This could be the command-line interface, a graphical user interface, or a web interface.

  3. Locate the Configuration File: Find and open the configuration file for the database management system. The file is usually named my.cnf or my.ini for MySQL, postgresql.conf for PostgreSQL, or can be accessed through the management tool for SQL Server.

  4. Apply the Configuration Changes: Add the appropriate configuration settings mentioned earlier in the code samples for the respective database management system. Modify the file with the necessary changes, save it, and close the editor.

  5. Restart the Database Service: If required, restart the database service to apply the new logging configuration. Consult the documentation of the database management system for the specific command to restart the service.

  6. Verify Database Logging: Verify that database logging is functioning correctly by performing test operations on the database. Ensure that the operations are logged as expected and review the log files to confirm the presence of relevant log entries.

By following these remediation steps, database logging can be successfully enabled for CISA Cyber Essentials, enhancing the monitoring capabilities and compliance of the system.
