Information
Auditing is disabled by default in Sybase ASE. It should be enabled and at a minimum and
configured to audit the following events:
. All commands which require the sa_role
. All errors
. All logins to the database
In addition, audit settings should also be configured to detect significant departures from
typical business use such as execution of unused stored procedures as well as the creation
and modification of database objects. This may mean auditing GRANT, DROP and CREATE
actions as well.
Auditing settings should be thoroughly tested on non-production systems to ensure they
do not impact performance on database with heavy usage.
Rationale:
Auditing of security-related events is essential to ensure the security of the database and
the integrity of the data held within it.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
1. Install the auditing functionality. This is a multistage process involving the
following steps:
. Creation of the auditing devices.
. Creation of the auditing database.
. Running the installsecurity (instsecu on Windows) script to populate
the database tables.
. Restarting the database.
For detailed information, see
. the Sybase ASE Configuration Guide for your platform (Windows or UNIX),
Chapter on Adding Optional Functionality to Adaptive Server,
. the Sybase ASE System Administration Guide chapter on Auditing.
2. Connect to the ASE server as a user with the sso_role and execute the following
SQL statement to enable auditing of security-related events, errors and login
attempts:
exec sp_configure 'auditing', 1
/* Enable auditing of all security-related events for all users */
exec sp_audit 'security', 'all', 'all', 'on'
/* Enable auditing of all errors for all users */
exec sp_audit 'errors', 'all', 'all', 'on'
/* Enable auditing of all logins for all users */
exec sp_audit 'login', 'all', 'all', 'on'
3. Configure additional auditing options as required.