I have been asked by the powers that be to make sure that my configuration database gathers some auditing information. I have looked over these and have no idea where to find the information in SQL Server. If you could tell me the table and database that the informations are located in, I could write the T-SQL to find them. IMPORTANT you do not have to answer all of them, I am grateful to those that pick and choose even one to help me with.
SQL Server Auditing
General/Access Auditing Items
- Software Install (DB): Verify that the sample and demonstration databases are not installed and remove the temporary setup files created by SQL Server setup process
Authentication and Access Control
- Default user accounts & passwords (DB): Default user account passwords will be changed and will follow the corporate password standard for frequency of change, length and complexity
- User authentication (DB): Windows authentication is preferred. Mixed mode authentication can be used.
- User passwords (DB): All user passwords (mixed mode, SQL authentication, Windows authentication) will follow the corporate password standard for frequency of change, length and complexity.
- Sharing database user accounts (DB): Sharing of database user accounts is not permitted without an explicit exception documented and granted by IS Information Security.
- Normal users submitting jobs (DB): Normal user jobs should not be run as SA. Create a role-based policy for normal users that must be allowed to run jobs. They should be included in the role created for job submission.
Monitoring and Reporting
- Auditing (DB): For all database installs after XX/XX/XXXX, Auditing should be turned on and at minimum set to log failed connections. Logs should be saved to a different hard drive than the one which data files are stored.
- SQL error log (DB): Processes should be in place to protect error log data so it can be reviewed for seven days prior to being overwritten or deleted from the system.
Networking
- Cross-database ownership chaining (DB): Cross-database ownership chaining is disabled.
- Code of stored procedures, triggers and views (DB): Who has access
- Public access to SYSXLOGINS and SYSDATABASES tables:The public role will not have access to the SYSXLOGINS or the SYSDATABASES tables.
- Public access to SYSOBJECTS and SYSCOLUMNS tables:The public role will not have access to the SYSOBJECTS and SYSCOLUMNS tables.
- Public access to stored and extended stored procedures:The public role will not have access to stored or extended stored procedures.
- Public access to xp_regread and xp_instance_regread:Restrict public role access to xp_regread and xp_instance_regread.
- Public group access to mswebtasks table:The public group will not have insert, update, delete or select permissions to the msdb.dbo.mswebtasks table.
- Temporary directories:For all database installs after xx/xx/xxxx, all temporary directories will be cleaned on a periodic basis.
- Auditing II:Auditing should be turned on and at minimum set to log failed connections. Logs should be saved to a different hard drive than the one which data files are stored.
- SQL Server instances visibility:All SQL Server instances should not be visible across the network. They should be set up with the hidden option activated.
- Default ports:SQL Server should be configured to not use the default ports.