STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020: STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:SV-82277r5_rule
V-67787
SRG-APP-000109-DB-000321
SQL4-00-030600
CAT I
10
If SQL Server Audit is in use, configure SQL Server Audit to continue to generate audit records, overwriting the oldest existing records, in the case of an auditing failure.
Run this T-SQL script for each identified audit:
ALTER SERVER AUDIT [AuditName] WITH (STATE = OFF);
GO
ALTER SERVER AUDIT [AuditName] to file (max_rollover_files = IntegerValue);
GO
ALTER SERVER AUDIT [AuditName] WITH (STATE = ON);
GO
If the system documentation indicates that availability does not take precedence over audit trail completeness, this is not applicable (NA).
If neither SQL Server Audit nor SQL Server Trace is in use for audit purposes, this is a finding.
If SQL Server Audit is in use, review the defined server audits by running the statement:
SELECT [name], [max_rollover_files] FROM sys.server_file_audits
WHERE is_state_enabled = 1;
By observing the [name] and [max_rollover_files] columns, identify the row or rows in use.
If the [max_rollover_files] is greater than zero, this is not a finding. Otherwise, this is a finding.
V-67787
False
SQL4-00-030600
If the system documentation indicates that availability does not take precedence over audit trail completeness, this is not applicable (NA).
If neither SQL Server Audit nor SQL Server Trace is in use for audit purposes, this is a finding.
If SQL Server Audit is in use, review the defined server audits by running the statement:
SELECT [name], [max_rollover_files] FROM sys.server_file_audits
WHERE is_state_enabled = 1;
By observing the [name] and [max_rollover_files] columns, identify the row or rows in use.
If the [max_rollover_files] is greater than zero, this is not a finding. Otherwise, this is a finding.
M
2639