LoginAuditSuccessful Not working as described in CIS Benchmark #1017
Comments
That particular check is in reference to the instance level errorlog reporting of login failure/success for point 5.3 of the baseline. There isn't a check at the moment which deals with 5.4. Please feel free to add a new check using Get-DbaInstanceAudit and Get-DbaInstanceAuditSpecification to satisfy 5.4 into the Instance level checks.
Thanks Ant-Green, but I am going to disagree. LoginAuditFailed satisfies 5.3. While the naming of LoginAuditSuccessful does not point to 5.4, the description suggests that it is for 5.4.
OK, got it. Thanks for the clarification.
Damn, my PC looks like I deleted the other comment; I thought I made it a strikethrough. But yeah, baselines keep changing, some checks need tweaks, some need to be written still, some need removing. 5.4 needs a check writing for it, at the moment it doesn't exist. New checks need writing too.
If I get time in the new year, I can take a look at some of it. Seems like my work is going to force CIS/PCI compliance on me. Luckily all of my servers are over 90% compliant and there are some things that I just will not be able to implement but I will have to explain why.
Bug Report
General Troubleshooting steps
Does (Find-Module dbachecks).Version match (Get-Module dbachecks).Version.ToString()? YES
powershell -NoProfile)? YES
Version Information
Steps to Reproduce
Invoke-DbcCheck -SqlInstance DBC02 -Check LoginAuditSuccessful
Description of Bug
Instance.Assertion : LoginAuditSuccessful does not return data specified by CIS Benchmark documentation.
Test 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' is supposed to check if a SQL Audit has been created to capture both Successful and Failed Logins.
Currently LoginAuditSuccessful executes the exact same command as LoginAuditFailed.
This check should execute the Audit Query that is outlined in the CIS Benchmark or any DbaTools equivalent.
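One way a 5.4-style check could be evaluated, as an added example that is not dbachecks code and not the benchmark's own query text: it reads the server audit catalog views and requires that both login action groups are captured by an enabled audit with an enabled specification. The function name Test-LoginAuditCoverage, the column aliases and the sample rows are assumptions made for illustration.

```powershell
# Added example: not part of dbachecks. Names below are hypothetical.
# T-SQL that lists which login action groups each server audit captures.
$query = @"
SELECT s.name               AS AuditName,
       s.is_state_enabled   AS AuditEnabled,
       sa.name              AS SpecName,
       sa.is_state_enabled  AS SpecEnabled,
       sad.audit_action_name AS ActionName
FROM sys.server_audit_specification_details AS sad
JOIN sys.server_audit_specifications AS sa
  ON sad.server_specification_id = sa.server_specification_id
JOIN sys.server_audits AS s
  ON sa.audit_guid = s.audit_guid
WHERE sad.audit_action_name IN ('FAILED_LOGIN_GROUP', 'SUCCESSFUL_LOGIN_GROUP');
"@

function Test-LoginAuditCoverage {
    param([object[]]$Rows)

    $required = 'FAILED_LOGIN_GROUP', 'SUCCESSFUL_LOGIN_GROUP'

    # A group only counts when both the audit and its specification are enabled.
    $active = @($Rows | Where-Object { $_.AuditEnabled -and $_.SpecEnabled })

    # Any required group not captured by an active audit is reported as missing.
    $missing = @($required | Where-Object { $_ -notin $active.ActionName })

    [pscustomobject]@{
        Compliant = ($missing.Count -eq 0)
        Missing   = $missing
    }
}

# Constructed sample rows: failed logins are audited, but successful logins
# are only covered by a specification that has been disabled.
$sample = @(
    [pscustomobject]@{ AuditName = 'LoginAudit'; AuditEnabled = $true
                       SpecName = 'LoginSpec'; SpecEnabled = $true
                       ActionName = 'FAILED_LOGIN_GROUP' }
    [pscustomobject]@{ AuditName = 'OldAudit'; AuditEnabled = $true
                       SpecName = 'OldSpec'; SpecEnabled = $false
                       ActionName = 'SUCCESSFUL_LOGIN_GROUP' }
)
Test-LoginAuditCoverage -Rows $sample

# Against a live instance (requires dbatools; DBC02 is the instance from the report):
# Test-LoginAuditCoverage -Rows (Invoke-DbaQuery -SqlInstance DBC02 -Query $query)
```

This differs from the errorlog login-auditing setting covered by 5.3: an instance can log failed and successful logins to the errorlog and still have no SQL Server Audit object capturing them.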