Rule: Database logging should be enabled

This rule ensures database logging is enabled for security and compliance purposes.

Rule: Database logging should be enabled
Framework: FedRAMP Moderate Revision 4
Severity: Low

Rule Description

The rule requires enabling database logging for systems operating at the FedRAMP Moderate level, as per Revision 4 of the FedRAMP guidelines. Enabling database logging helps in monitoring and recording all database activities for security analysis, auditing, and detecting potential security incidents.

Troubleshooting Steps

  1. Check if the database logging feature is supported by your database management system (DBMS). Not all DBMSs offer built-in database logging functionality. Ensure that your DBMS supports this feature before proceeding.

  2. Verify if the database logging option is currently enabled or disabled. This can be done by checking the configuration settings of your DBMS.

  3. Ensure that you have the necessary privileges or access rights to enable database logging. If you are not the database administrator, contact the appropriate person or team responsible for managing the database.

  4. If the database logging feature is supported but not enabled, follow the remediation steps outlined below.

Remediation Steps

The remediation steps may vary depending on the specific database management system in use. The following steps provide a general guideline for enabling database logging:

Note: These steps assume that you have administrative access to the database or appropriate privileges.

  1. Identify the database name or instance for which you need to enable logging.

  2. Connect to the database server using a database client or command line tool with administrative privileges.

  3. Execute the relevant command or query to enable database logging. The exact command will depend on the specific DBMS being used. Examples of database logging commands for commonly used DBMSs are provided below:

    • Microsoft SQL Server:

      • Enable full transaction logging:

        ALTER DATABASE [database_name] SET RECOVERY FULL;

        This command sets the database recovery model to Full, allowing transaction logs to be saved. The recovery model controls the transaction log only; recording who ran which statement is the job of SQL Server Audit, which is configured separately. Additionally, configure the required log retention period and other related settings as per your organization's policies.
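    • Oracle Database:

      • Enable auditing of table access:

        AUDIT SELECT TABLE, INSERT TABLE, UPDATE TABLE, DELETE TABLE BY ACCESS;

        This statement audits SELECT, INSERT, UPDATE and DELETE on all tables, writing one record per access. Adjust the audit configuration according to your specific requirements.

      • Enable database-level auditing:

        ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;

        This command enables the audit trail at the database level; restart the instance for it to take effect. Customize the audit settings as necessary.

      Both statements belong to Oracle's traditional auditing; databases running in pure unified auditing mode use audit policies instead.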
    • MySQL/MariaDB:

      • Enable general query logging: Edit the MySQL configuration file (usually my.cnf or my.ini), locate the [mysqld] section, and add the following line:

        general_log = 1

        Save the file and restart the MySQL/MariaDB service to activate the logging.
    • PostgreSQL:

      • Enable logging: Edit the PostgreSQL configuration file (postgresql.conf), locate the logging_collector parameter, and set it to on:

        logging_collector = on

        Save the file and restart the PostgreSQL service for the changes to take effect.
  4. Verify that database logging is enabled by performing a test operation (such as inserting or updating data) and checking if the corresponding logs or audit records are generated.

  5. Validate the effectiveness of the logging mechanism by reviewing and analyzing the generated logs regularly. Ensure that the logs are securely stored and protected against tampering or unauthorized access.
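
The configuration check from the troubleshooting steps, applied to the two file-based settings above, as an added example (not Cloud Defense's code): it reports the effective value of logging_collector and general_log, treating commented-out lines and settings in the wrong section as disabled. The sample files are constructed; the function names are hypothetical, only the [mysqld] section is read, and include directives are not followed.

```python
import re

PG_TRUE = {"on", "true", "yes", "1"}   # boolean spellings postgresql.conf accepts
MY_TRUE = {"on", "true", "1", ""}      # "" = bare option name, which enables it

def pg_logging_collector(conf_text):
    """Effective logging_collector setting from postgresql.conf text."""
    value = "off"  # server default when the line is absent or commented out
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(?i)logging_collector(?:\s*=\s*|\s+)(\S+)$", line)
        if m:
            value = m.group(1).strip("'").lower()     # last occurrence wins
    return value in PG_TRUE

def mysql_general_log(cnf_text):
    """Effective general_log setting in the [mysqld] section of my.cnf/my.ini text."""
    section, enabled = None, False  # general_log is off by default
    for line in cnf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, _, val = line.partition("=")
        # MySQL treats general-log and general_log as the same option
        if section == "mysqld" and name.strip().lower().replace("-", "_") == "general_log":
            enabled = val.strip().lower() in MY_TRUE
    return enabled

# Constructed sample files, not taken from any real system.
PG_SAMPLE = """\
#logging_collector = on      # commented out, so it has no effect
log_destination = 'stderr'
logging_collector = off
logging_collector = 'on'     # later line overrides the earlier one
"""
MY_SAMPLE = """\
[client]
general_log = 1              # wrong section: the server ignores it
[mysqld]
datadir = /var/lib/mysql
general-log = ON
"""

if __name__ == "__main__":
    print("PostgreSQL logging_collector on:", pg_logging_collector(PG_SAMPLE))
    print("MySQL general_log on:", mysql_general_log(MY_SAMPLE))
```

In PostgreSQL, logging_collector only routes server log output into files; which statements appear there is controlled by separate parameters such as log_statement.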

Conclusion

Enabling database logging is a crucial step in achieving compliance with the FedRAMP Moderate guidelines. By following the appropriate remediation steps outlined above, you can ensure that database activities are effectively logged and provide valuable insights into the security posture of your system. Regular monitoring and review of the generated logs help in proactive threat detection and incident response.
