CCE-19827-5| Platform: ms-sql2005 | Date: (C)2013-02-19 (M)2022-10-10 |
Auditing attempts to bypass access controls should be configured appropriately.
Parameter:
(1) on/off
Technical Mechanism:
(1) EXEC XP_LOGINCONFIG
From the SQL Server Management Studio GUI:
1. Navigate to the SQL Server instance name
2. Right-click on it
3. Select Properties
4. Select Security tab or page
5. Review Login Auditing selection
6. Select "Failed logins only" or "Both failed and successful logins" from the Login Auditing section
7. Apply changes
8. Exit the SQL Server Management Studio GUI
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : | Attack Vector: |
| Exploit Score: | Attack Complexity: |
| Impact Score: | Privileges Required: |
| Severity: | User Interaction: |
| Vector: | Scope: |
| | Confidentiality: |
| | Integrity: |
| | Availability: |
| | |
References: | Resource Id | Reference |
|---|
| DISA STIG SQL 2005 INS Version 8, Release 1.7 Benchmark Date: 27 August 2010 | Rule ID: V0015644 Rule Title: Attempts to bypass access controls should be audited. STIG ID: DG0141 Severity: CAT II Class: Unclass |
