Ensure that the "log_temp_files" database flag is set to 0 (enabled) for all your Google Cloud PostgreSQL database instances. The PostgreSQL database engine can create temporary files for actions such as sorting, hashing and temporary query results when these operations exceed the amount of memory specified by the "work_mem" setting. Setting the "log_temp_files" flag to 0 causes all temporary file information to be logged, while positive configuration values log only files whose size is greater than or equal to the specified number of kilobytes.
A value of -1 disables temporary file information logging. By default, the "log_temp_files" flag is set to -1 in the configuration of Google Cloud PostgreSQL instances. When temporary files are not logged at all, it may be difficult to identify potential performance issues caused by poor programming practices or deliberate resource starvation attempts.
Note: Some database flag settings can affect instance availability and/or stability, and eventually remove the PostgreSQL instance from the Google Cloud SQL Service Level Agreement (SLA).
To determine if the "log_temp_files" flag is enabled for your Cloud PostgreSQL database instances, perform the following operations:
Remediation / Resolution
To turn on the "log_temp_files" database flag for your Google Cloud Platform (GCP) PostgreSQL database instances, perform the following operations:
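The following is an added example, not part of the original page or of any Google tooling: it classifies instances by their "log_temp_files" value using the semantics described above, and builds a remediation flag string that keeps the flags already set. It assumes the input is the JSON printed by `gcloud sql instances list --format=json`; the instance names, the sample data and the COMPLIANT/PARTIAL/DISABLED labels are constructed for illustration.

```python
import json

# Constructed sample shaped like `gcloud sql instances list --format=json` output.
SAMPLE = json.loads("""[
 {"name": "pg-orders", "databaseVersion": "POSTGRES_14",
  "settings": {"databaseFlags": [{"name": "log_temp_files", "value": "0"},
                                 {"name": "log_connections", "value": "on"}]}},
 {"name": "pg-billing", "databaseVersion": "POSTGRES_13",
  "settings": {"databaseFlags": [{"name": "log_temp_files", "value": "4096"}]}},
 {"name": "pg-legacy", "databaseVersion": "POSTGRES_12",
  "settings": {"databaseFlags": [{"name": "log_checkpoints", "value": "on"}]}},
 {"name": "pg-new", "databaseVersion": "POSTGRES_15", "settings": {}},
 {"name": "mysql-app", "databaseVersion": "MYSQL_8_0", "settings": {}}
]""")

def flags_of(instance):
    """Return the instance's database flags as a {name: value} dict."""
    flags = (instance.get("settings") or {}).get("databaseFlags") or []
    return {f["name"]: f["value"] for f in flags}

def classify(instance):
    """COMPLIANT (0), PARTIAL (size threshold in KB), DISABLED (-1 or unset)."""
    if not instance.get("databaseVersion", "").startswith("POSTGRES"):
        return "SKIPPED"  # the flag only applies to PostgreSQL instances
    value = flags_of(instance).get("log_temp_files", "-1")  # unset => default -1
    try:
        kb = int(value)
    except ValueError:
        return "UNKNOWN"  # unexpected value: review by hand
    if kb == 0:
        return "COMPLIANT"
    return "PARTIAL" if kb > 0 else "DISABLED"

def remediation_flags(instance):
    """Value for `gcloud sql instances patch NAME --database-flags=...`."""
    # patch replaces the whole flag list, so existing flags are carried over.
    merged = {**flags_of(instance), "log_temp_files": "0"}
    return ",".join(f"{k}={v}" for k, v in sorted(merged.items()))

def audit(instances):
    """Map each instance name to its classification."""
    return {inst["name"]: classify(inst) for inst in instances}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
```

Instances reported as PARTIAL log only temporary files at or above their threshold, so they still fall short of the value 0 this rule asks for. Review the merged flag string before applying it, since `gcloud sql instances patch --database-flags` overwrites every flag previously set on the instance.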
You are auditing:
Enable "log_temp_files" Flag for PostgreSQL Database Instances
Risk level: Medium