How to secure SQL Server audit log
-
Working on instructions for securing a SQL 2005/2008 server for credit card PCI compliance. Below are the specific requirements from the PCI spec that I am using SQL Server auditing to cover.
The specific items; 10.2.3 and 10.2.6 are the requirements I am solving for. Can I audit these actions?
10.2.2 All actions taken by any individual with root or administrative privileges
10.2.3 Access to all audit trails
10.2.4 Invalid logical access attempts
10.2 5 Use of identification and authentication mechanisms
10.2.6 Initialization of the audit logs
Thanks
-
Can you elaborate on the audit logs you are referring to?
-
Sure, its the log that gets the entries when someone does a login or logout of SQL Server. You can then view the logs in SQL Server Management Studio by clicking on Management/SQL Server Logs.
-
- You can indeed switch your sqlserver instance to "audit login all", that will insert a row for every logon attempt in the sqlserver instance Errorlog file.
Off course you'll have to secure that file at os level and take copies at frequent inverval,...
- to trace what's going on you could use my little article "
SQL Server and SOX" to get started.
http://www.sqlservercentral.com/articles/Security/3203/
- Keep in mind at windows level you can also audit the (windows) logons at os-level.
- you can also capture sqlserver login events yourself ( see "Scope: The drastic caveat with Logon Triggers." !
at http://www.sqlservercentral.com/articles/Administration/64974/ )
Johan
Learn to play, play to learn !Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:- How to post Performance Problems
- How to post data/code to get the best help[/url]- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
-
All you need is C2 Administrator’s and User’s Security Guide Revision 1.1
you can donwload this guide from :
Regards,
Sarabpreet Singh
Sarabpreet.com
SQLChamp.com
Twitter: @Sarab_SQLGeek -
You can download the guide from here also.
Regards,
Sarabpreet Singh
Sarabpreet.com
SQLChamp.com
Twitter: @Sarab_SQLGeek -
Thanks guys, this looks like good stuff!
Viewing 7 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply