SQL2-00-015355 - Software, applications, and configuration files that are part of, or related to, the SQL Server 2012 installation must be audited.

Information

When dealing with change control issues, it should be noted, any changes to the hardware, software, and/or firmware components of applications and tools related to SQL Server can potentially have significant effects on the overall security of the system. Only qualified and authorized individuals shall be allowed to obtain access to components related to SQL Server for purposes of initiating changes, including upgrades and modifications.

Unmanaged changes that occur to the software libraries or configuration can lead to unauthorized or compromised installations.

Of particular note in this context is that any software installed for auditing and/or audit file management must be protected and audited.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Include locations of all files, libraries, scripts, and executables that are part of, or related to, the SQL Server 2012 installation in the documentation.

Ensure that files and folders that are part of, or related to, the SQL Server 2012 installation have auditing enabled. Right-click on the file/folder, click Properties. On the Security tab, click Advanced. On the Auditing tab, use the Add or Edit buttons and the dialogs that follow from them, to set up the following on at least one audit:
Type: All
Principal: Everyone
Access: Modify
Applies to: This Folder, subfolder, and files [where applicable]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2012_V1R20_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(6), CAT|II, CCI|CCI-002717, CCI|CCI-002718, Rule-ID|SV-83773r1_rule, STIG-ID|SQL2-00-015355, Vuln-ID|V-69169

Plugin: Windows

Control ID: 565f98892a22b84b1313c523c50c160a25aa46de015487aaf72725abe8db134a