Terraform Low Log Retention Days
Description
Detects when Azure PostgreSQL database configurations have log retention periods set to less than 3 days. Short log retention periods can hinder security investigations and compliance requirements by not maintaining sufficient history of database activities and access logs.
Detection Strategy
• Check for Azure PostgreSQL configuration resources ('azurerm_postgresql_configuration')
• Identify resources that configure the 'log_retention_days' parameter
• Flag configurations where the retention period is explicitly set to a numeric value less than 3 days
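The three checks above, sketched in Python as an added example (not Fluid Attacks' scanner code). It uses a simplified regex matcher rather than a full HCL parser; the function name and the sample Terraform are constructed for illustration.

```python
import re

# Simplified block matcher: assumes no nested braces inside the resource body,
# which holds for plain azurerm_postgresql_configuration blocks (not a full HCL parser).
BLOCK_RE = re.compile(
    r'resource\s+"azurerm_postgresql_configuration"\s+"(?P<label>[^"]+)"'
    r'\s*\{(?P<body>[^{}]*)\}'
)
# key = "quoted literal" or key = bare_token; a trailing "# comment" is ignored.
ATTR_RE = re.compile(r'^\s*(?P<key>\w+)\s*=\s*(?P<val>"[^"]*"|[^\s#]+)', re.MULTILINE)

def find_low_log_retention(hcl_text, minimum=3):
    """Return (resource_label, days) for every block that explicitly sets
    log_retention_days to a numeric literal below `minimum`."""
    findings = []
    for block in BLOCK_RE.finditer(hcl_text):
        attrs = {m["key"]: m["val"].strip('"') for m in ATTR_RE.finditer(block["body"])}
        if attrs.get("name") != "log_retention_days":
            continue  # a different server parameter
        value = attrs.get("value", "")
        if not re.fullmatch(r"[0-9]+", value):
            continue  # variable or expression, not an explicit numeric value
        if int(value) < minimum:
            findings.append((block["label"], int(value)))
    return findings

# Constructed sample input (hypothetical resource labels).
SAMPLE_TF = '''
resource "azurerm_postgresql_configuration" "short" {
  name        = "log_retention_days"
  server_name = azurerm_postgresql_server.example.name
  value       = "1" # below the threshold
}
resource "azurerm_postgresql_configuration" "week" {
  name  = "log_retention_days"
  value = "7"
}
resource "azurerm_postgresql_configuration" "from_var" {
  name  = "log_retention_days"
  value = var.retention_days
}
resource "azurerm_postgresql_configuration" "other" {
  name  = "log_min_duration_statement"
  value = "0"
}
'''
```

Values supplied through variables are skipped here because the rule only covers explicit numeric settings; checking those requires evaluating the plan rather than the source text.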
Vulnerable code example
resource "azurerm_postgresql_configuration" "example" {
  name                = "log_retention_days"
  server_name         = azurerm_postgresql_server.example.name
  resource_group_name = azurerm_resource_group.example.name
  value               = "1" # Security risk: Log retention period of 1 day is too short for proper security auditing
}
✅ Secure code example
resource "azurerm_postgresql_configuration" "example" {
  name                = "log_retention_days"
  server_name         = azurerm_postgresql_server.example.name
  resource_group_name = azurerm_resource_group.example.name
  value               = "7" # Secure: Minimum 7 days retention ensures adequate time for security auditing and incident investigation
}