From MS SQL Server 2016 Instance Security Technical Implementation Guide
Part of SRG-APP-000109-DB-000321
Associated with: CCI-000140
It is critical that when SQL Server is at risk of failing to process audit logs as required, it take action to mitigate the failure. Audit processing failures include; software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode.
If the system documentation indicates that availability does not take precedence over audit trail completeness, this is not applicable (NA). If SQL Server Audit is not in use, this is a finding. If SQL Server Audit is in use, review the defined server audits by running the statement: SELECT [name], [max_rollover_files] FROM sys.server_file_audits WHERE is_state_enabled = 1; By observing the [name] and [max_rollover_files] columns, identify the row or rows in use. If the [max_rollover_files] is greater than zero, this is not a finding. Otherwise, this is a finding.
If SQL Server Audit is in use, configure SQL Server Audit to continue to generate audit records, overwriting the oldest existing records, in the case of an auditing failure. Run this T-SQL script for each identified audit: ALTER SERVER AUDIT [AuditName] WITH (STATE = OFF); GO ALTER SERVER AUDIT [AuditName] to file (max_rollover_files = IntegerValue); GO ALTER SERVER AUDIT [AuditName] WITH (STATE = ON); GO
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer