Changes to configuration options should be audited.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15645	DG0142-SQLServer9	SV-21458r1_rule	ECAR-3	Medium

Description
The default audit trace provides a log of activity and changes primarily related to DBMS configuration options. The default audit trace option does not provide adequate auditing and should be disabled.

STIG	Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide	2015-06-16

Details

Check Text ( C-23629r1_chk )
From the query prompt: SELECT CAST(value AS INT) 'Config_Value' FROM [master].sys.configurations WHERE name = 'default trace enabled' If the value of Config_Value is 0, this is Not a Finding. If the value of Config_Value is 1, confirm in the System Security Plan and AIS Functional Architecture documentation that this option is documented as required and approved by the IAO. If it is not documented and is required and approved, this is a Finding.

Check Text ( C-23629r1_chk )

From the query prompt:

SELECT CAST(value AS INT) 'Config_Value'
FROM [master].sys.configurations
WHERE name = 'default trace enabled'

If the value of Config_Value is 0, this is Not a Finding.

If the value of Config_Value is 1, confirm in the System Security Plan and AIS Functional Architecture documentation that this option is documented as required and approved by the IAO. If it is not documented and is required and approved, this is a Finding.

Fix Text (F-20145r1_fix)
Authorize and document requirements for use of the default trace option in the System Security Plan and AIS Functional Architecture documentation. Where not authorized, disable its use. From the query prompt: EXEC SP_CONFIGURE 'show advanced options', 1 EXEC SP_CONFIGURE 'default trace enabled', 0 RECONFIGURE