Skip to content

Ensure 'Default Trace Enabled' Server Configuration Option is set to '1'

Description

The default trace provides audit logging of database activity including account creations, privilege elevation and execution of DBCC commands.

Rationale

Default trace provides valuable audit information regarding security-related activities on the server.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine sqlserver

Default Rule

const { checkServerSetting } = module
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if 'default trace enabled'' is set to 1
 */
function validate(databaseSettings) {
    const success = checkServerSetting(databaseSettings, 'default trace enabled', "1")

    return {
        success,
    }
}

validate(databaseSettings)