February 20, 2015 at 7:24 pm
I am STIGing a SQL Server 2008R2 and I need to know what is the best way to mitigate a few STIGs where the “Fix” is not very clear.
A: SQL2-00-014700 Verify that Files and Folders that are part of the SQL Server 2012 Installation have auditing enabled.
I did this via Windows, but I am not sure if I configured it correctly. Does anyone have a link to a best practice article I can use?
B: SQL2-00-015300 Verify within the system documentation that SQL Server is monitoring for security-relevant configuration settings to discover unauthorized changes. This can be done by a third-party tool or a SQL script that does baselining and then comparisons.
How do you guys accomplish this? I only know to either manually check or manually run scripts and check against my documentation. Is there a quick and dirty way to accomplish this that you know of?
Your help is appreciated.
Thanks
Jeff
February 20, 2015 at 7:31 pm
You do that by setting up a server audit and a database audit specification.
https://msdn.microsoft.com/en-us/library/cc280386.aspx
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw
Learn Extended Events
February 25, 2015 at 2:20 pm
Your help is appreciated. I set up the audit as suggested and I selected the following Audit Action Types in the Server Audit Specification:
SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
SERVER_OBJECT_PERMISSION_CHANGE_GROUP
FAILED_LOGIN_GROUP
SERVER_OBJECT_CHANGE_GROUP
SERVER_PRINCIPAL_CHANGE_GROUP
SERVER_STATE_CHANGE_GROUP
SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP
Are these a good setup, and are they going to impact the server performance? In other words, is this overkill to the server? I am trying to mitigate STIG SQL2-00-015300.
Jeff
February 25, 2015 at 4:12 pm
jayoub (2/25/2015)
Your help is appreciated. I set up the audit as suggested and I selected the following Audit Action Types in the Server Audit Specification:
SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
SERVER_OBJECT_PERMISSION_CHANGE_GROUP
FAILED_LOGIN_GROUP
SERVER_OBJECT_CHANGE_GROUP
SERVER_PRINCIPAL_CHANGE_GROUP
SERVER_STATE_CHANGE_GROUP
SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP
Are these a good setup, and are they going to impact the server performance? In other words, is this overkill to the server? I am trying to mitigate STIG SQL2-00-015300.
I wouldn't say that it is overkill. Any audit you place on a server, any trace for that matter, will have an impact on performance. The mechanism for providing this info in the audit is much improved over previous versions, but there will still be some overhead.
How much that overhead will be will be determined by how active/busy the server is. I would monitor it and baseline it to confirm it would meet the requirements and not hamper performance too much.
Jason...AKA CirqueDeSQLeil
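The setup discussed above, written out as T-SQL. This is an added example, not code posted by anyone in the thread. The audit name, specification name, file path, size limits and ON_FAILURE choice are placeholder assumptions; only the eight action groups come from the thread.

```sql
USE master;
GO

-- Audit destination. Name, path and sizing are placeholders (assumptions);
-- the folder must already exist and be writable by the SQL Server service account.
CREATE SERVER AUDIT [STIG_Config_Audit]
TO FILE (
    FILEPATH = N'D:\SQLAudit\',
    MAXSIZE = 100 MB,
    MAX_ROLLOVER_FILES = 20
)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- The eight action groups listed in the thread.
CREATE SERVER AUDIT SPECIFICATION [STIG_Config_Audit_Spec]
FOR SERVER AUDIT [STIG_Config_Audit]
    ADD (SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP),
    ADD (SERVER_OBJECT_PERMISSION_CHANGE_GROUP),
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_OBJECT_CHANGE_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (SERVER_STATE_CHANGE_GROUP),
    ADD (SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP),
    ADD (SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- An audit is created disabled; nothing is written until it is switched on.
ALTER SERVER AUDIT [STIG_Config_Audit] WITH (STATE = ON);
GO

-- Check: both objects enabled, and the expected groups attached.
SELECT a.name AS audit_name, a.is_state_enabled AS audit_enabled,
       s.name AS spec_name, s.is_state_enabled AS spec_enabled,
       d.audit_action_name
FROM sys.server_audits AS a
JOIN sys.server_audit_specifications AS s ON s.audit_guid = a.audit_guid
JOIN sys.server_audit_specification_details AS d
     ON d.server_specification_id = s.server_specification_id
WHERE a.name = N'STIG_Config_Audit'
ORDER BY d.audit_action_name;

-- Review captured events, newest first.
SELECT event_time, action_id, succeeded, server_principal_name,
       class_type, object_name, statement
FROM sys.fn_get_audit_file(N'D:\SQLAudit\STIG_Config_Audit*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```

The audit file folder is itself security-relevant: restrict its NTFS permissions so that only the service account and reviewers can read it.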
February 25, 2015 at 4:22 pm
Will do
Thank you very much for the help.
Jeff
February 25, 2015 at 4:25 pm
You are welcome.
Jason...AKA CirqueDeSQLeil