[DPE-5512] postgresql.conf hardening (#621)

* postgresql.conf hardening Signed-off-by: Marcelo Henrique Neppel <[email protected]> * Fix connections logging parameters Signed-off-by: Marcelo Henrique Neppel <[email protected]> --------- Signed-off-by: Marcelo Henrique Neppel <[email protected]>
canonical · Oct 4, 2024 · ad802fe · ad802fe
1 parent 0a73743
commit ad802fe
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/config.yaml b/config.yaml
@@ -27,12 +27,12 @@ options:
     description: |
       Logs each successful connection.
     type: boolean
-    default: false
+    default: true
   logging_log_disconnections:
     description: |
       Logs end of a session, including duration.
     type: boolean
-    default: false
+    default: true
   logging_log_lock_waits:
     description: |
       Logs long lock waits.

diff --git a/templates/patroni.yml.j2 b/templates/patroni.yml.j2
@@ -73,18 +73,23 @@ bootstrap:
         {%- endif %}
         archive_mode: on
         autovacuum: true
+        debug_print_plan: 'off'
+        debug_print_parse: 'off'
+        debug_print_rewritten: 'off'
         fsync: true
         full_page_writes: true
         lc_messages: 'en_US.UTF8'
         log_autovacuum_min_duration: 60000
         log_checkpoints: 'on'
         log_destination: 'stderr'
         log_directory: '{{ postgresql_log_path }}'
+        log_error_verbosity: 'verbose'
         log_file_mode: '0600'
         log_filename: 'postgresql-%w_%H%M.log'
         log_hostname: 'off'
         log_line_prefix: '%t [%p]: user=%u,db=%d,app=%a,client=%h,line=%l '
         log_min_duration_sample: -1
+        log_min_error_statement: 'warning'
         log_recovery_conflict_waits: 'on'
         log_replication_commands: 'on'
         log_rotation_age: 1