An error occurred:

Check: SRG-APP-000503-DB-000351

Database SRG: SRG-APP-000503-DB-000351 (in versions v3 r4 through v2 r10)

Title

The DBMS must generate audit records when unsuccessful logons or connection attempts occur. (Cat II impact)

Discussion

For completeness of forensic analysis, it is necessary to track failed attempts to log on to the DBMS. While positive identification may not be possible in a case of failed authentication, as much information as possible about the incident must be captured.

Check Content

Review the DBMS audit settings. If an audit record is not generated each time a user (or other principal) attempts but fails to log on or connect to the DBMS (including attempts where the user ID is invalid/unknown), this is a finding.

Fix Text

Configure DBMS audit settings to generate an audit record each time a user (or other principal) attempts but fails to log on or connect to the DBMS. Include attempts where the user ID is invalid/unknown. Ensure that the audit record contains the time of the event and the user ID that was entered (if any).

Additional Identifiers

Rule ID: SV-206631r879874_rule

Vulnerability ID: V-206631

Group Title: SRG-APP-000503

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000172

The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-12

Audit Generation