Skip to content

Enable Failed Login Auditing

Description

Microsoft SQL Server has four settings for login auditing:

1) None (not recommended) 2) Login failure (minimum for this rule) 3) Login success (not recommended) 4) Both login success and failure (Best practice)

Rationale

Login failure auditing is required by many compliance standards, and is needed to detect password guessing attempts.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine sqlserver

Default Rule

const { checkServerSetting } = module
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if 'login auditing' is set to failed logins
 */
function validate(databaseSettings) {
    const success = checkServerSetting(databaseSettings, 'audit level', "failure")

    return {
        success,
    }
}

validate(databaseSettings)