dbachecks
dbachecks copied to clipboard
dataplat
STIG - Create tests for SQL Audit Items
New Check
What would you like to check?
For STIG auditing tests needs to be created for the following SQL Audit Items. They should all be created as separate test with options to skip to allow for flexibility for others to decide what they are testing.
- AUDIT_CHANGE_GROUP
- BACKUP_RESTORE_GROUP
- DATABASE_CHANGE_GROUP
- DATABASE_OBJECT_ACCESS_GROUP
- DATABASE_OBJECT_CHANGE_GROUP
- DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
- DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
- DATABASE_OPERATION_GROUP
- DATABASE_OWNERSHIP_CHANGE_GROUP
- DATABASE_PERMISSION_CHANGE_GROUP
- DATABASE_PRINCIPAL_CHANGE_GROUP
- DATABASE_PRINCIPAL_IMPERSONATION_GROUP
- DATABASE_ROLE_MEMBER_CHANGE_GROUP
- DBCC_GROUP
- FAILED_LOGIN_GROUP
- LOGIN_CHANGE_PASSWORD_GROUP
- LOGOUT_GROUP
- SCHEMA_OBJECT_ACCESS_GROUP
- SCHEMA_OBJECT_CHANGE_GROUP
- SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
- SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
- SERVER_OBJECT_CHANGE_GROUP
- SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP
- SERVER_OBJECT_PERMISSION_CHANGE_GROUP
- SERVER_OPERATION_GROUP
- SERVER_PERMISSION_CHANGE_GROUP
- SERVER_PRINCIPAL_CHANGE_GROUP
- SERVER_PRINCIPAL_IMPERSONATION_GROUP
- SERVER_ROLE_MEMBER_CHANGE_GROUP
- SERVER_STATE_CHANGE_GROUP
- SUCCESSFUL_LOGIN_GROUP
- TRACE_CHANGE_GROUP
- USER_CHANGE_PASSWORD_GROUP
What should be configurable for the results of the check ?
- We should have a global parameter for the name of the SQL Audit and Specification.
- I skip option for each test.
- Default would be to skip all tests.
This is linked to a To Do in the STIG Project.
