You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
SqlServer resource rule V-41402 is currently categorized as a "Database" role rule. However the settings, unless I'm misunderstanding how they work, are applied to the database instance.
To Reproduce
Create a basic configuration containing a SqlServer resource with the SqlRole = "Database" and the instance and any database name.
Thanks for the issue. I agree with you on this issue being an 2012 SQL Instance STIG, but DISA has released this as a DB rule, which is why we parsed it as such. The checktext clearly states that traceID's on the instance will be listed, not database.
Check Text: Check to see that all required events are being audited.
From the query prompt:
SELECT DISTINCT traceid FROM sys.fn_trace_getinfo(0);
All currently defined traces for the SQL server instance will be listed. If no traces are returned, this is a finding.
I don't believe this is an issue with PowerSTIG because this settings is configured and the trace id's are listed correctly via the method listed in DISA's rule
SELECT DISTINCT traceid FROM sys.fn_trace_getinfo(0);
Describe the bug
SqlServer resource rule V-41402 is currently categorized as a "Database" role rule. However the settings, unless I'm misunderstanding how they work, are applied to the database instance.
To Reproduce
TestConfig -Verbose
The text was updated successfully, but these errors were encountered: