Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-58109 | SRG-APP-000503-DB-000351 | SV-72539r1_rule | Medium |
Description |
---|
For completeness of forensic analysis, it is necessary to track failed attempts to log on to the DBMS. While positive identification may not be possible in a case of failed authentication, as much information as possible about the incident must be captured. |
STIG | Date |
---|---|
Database Security Requirements Guide | 2015-12-21 |
Check Text ( C-58879r1_chk ) |
---|
Review the DBMS audit settings. If an audit record is not generated each time a user (or other principal) attempts but fails to log on or connect to the DBMS (including attempts where the user ID is invalid/unknown), this is a finding. |
Fix Text (F-63317r1_fix) |
---|
Configure DBMS audit settings to generate an audit record each time a user (or other principal) attempts but fails to log on or connect to the DBMS. Include attempts where the user ID is invalid/unknown. Ensure that the audit record contains the time of the event and the user ID that was entered (if any). |