Check: SRG-APP-000503-DB-000351
Database SRG:
SRG-APP-000503-DB-000351
(in versions v4 r2 through v2 r9)
Title
The DBMS must generate audit records when unsuccessful logons or connection attempts occur. (Cat II impact)
Discussion
For completeness of forensic analysis, it is necessary to track failed attempts to log on to the DBMS. While positive identification may not be possible in a case of failed authentication, as much information as possible about the incident must be captured.
Check Content
Review the DBMS audit settings. If an audit record is not generated each time a user (or other principal) attempts but fails to log on or connect to the DBMS (including attempts where the user ID is invalid/unknown), this is a finding.
Fix Text
Configure DBMS audit settings to generate an audit record each time a user (or other principal) attempts but fails to log on or connect to the DBMS. Include attempts where the user ID is invalid/unknown. Ensure that the audit record contains the time of the event and the user ID that was entered (if any).
Additional Identifiers
Rule ID: SV-206631r961824_rule
Vulnerability ID: V-206631
Group Title: SRG-APP-000503
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000172 |
Generate audit records for the event types defined in AU-2 c that include the audit record content defined in AU-3. |
Controls
Number | Title |
---|---|
AU-12 |
Audit Generation |