
Database job/batch queues should be reviewed regularly to detect unauthorized database job submissions.


Overview

Finding ID: V-3808
Version: DG0051-SQLServer9
Rule ID: SV-24081r2_rule
IA Controls: ECLP-1
Severity: Medium
Description
Unauthorized users may bypass security mechanisms by submitting jobs to job queues managed by the database to be run under a more privileged security context of the database or host system. These queues should be monitored regularly to detect any such unauthorized job submissions.
STIG: Microsoft SQL Server 2005 Instance Security Technical Implementation Guide
Date: 2015-06-16

Details

Check Text (C-20410r2_chk)
1. Review jobs scheduled to start automatically at system startup.

From the query prompt:

SELECT name FROM [master].sys.procedures
WHERE is_auto_executed = 1

If any jobs listed are not documented as authorized, this part of the check is a Finding.

2. Review SQL Server job history.

From the query prompt:

SELECT DISTINCT j.name
FROM [msdb].dbo.sysjobhistory AS h
INNER JOIN [msdb].dbo.sysjobs AS j
    ON h.job_id = j.job_id;

If no data is listed and no jobs are listed, this part of the check is Not a Finding.

If any jobs listed are not documented as authorized, this part of the check is a Finding.

Review monitoring procedures for job queues and evidence of implementation. If procedures for monitoring job queues are not documented, are not complete, or are not implemented, this is a Finding.

If any part of this check results in a Finding, this is a Finding for the entire check.
Fix Text (F-22511r1_fix)
Establish and implement procedures to monitor the database job queue and job history for unauthorized job submissions. Include or note documented policy and procedures in the System Security Plan.
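
One way to run both parts of the check against a documented baseline, as an added example that is not part of the STIG text. The @authorized table and the EXAMPLE_ names in it are assumptions standing in for the list kept in the System Security Plan. The second query goes beyond the check's job-history query by also returning jobs that have no history rows yet.

```sql
-- Added example. The baseline names are hypothetical placeholders (assumptions)
-- for what the System Security Plan documents as authorized.
-- Written for SQL Server 2005: no multi-row VALUES, no inline DECLARE init.
DECLARE @authorized TABLE (
    object_type varchar(20)   NOT NULL,  -- 'JOB' or 'STARTUP_PROC'
    name        nvarchar(128) NOT NULL
);

INSERT INTO @authorized (object_type, name)
SELECT 'JOB', N'EXAMPLE_Nightly_Backup'
UNION ALL SELECT 'JOB', N'EXAMPLE_Index_Maintenance'
UNION ALL SELECT 'STARTUP_PROC', N'EXAMPLE_sp_startup';

-- Part 1: startup procedures in master that are not in the baseline.
SELECT p.name, p.create_date, p.modify_date
FROM [master].sys.procedures AS p
LEFT JOIN @authorized AS a
       ON a.object_type = 'STARTUP_PROC'
      AND a.name = p.name COLLATE DATABASE_DEFAULT
WHERE p.is_auto_executed = 1
  AND a.name IS NULL;

-- Part 2: jobs not in the baseline, whether or not they have run yet.
-- Owner and dates show who owns the job and when it was created or changed.
SELECT j.name,
       SUSER_SNAME(j.owner_sid) AS owner_login,
       j.enabled,
       j.date_created,
       j.date_modified,
       MAX(h.run_date) AS last_run_date  -- int YYYYMMDD; NULL = no retained history
FROM [msdb].dbo.sysjobs AS j
LEFT JOIN @authorized AS a
       ON a.object_type = 'JOB'
      AND a.name = j.name COLLATE DATABASE_DEFAULT
LEFT JOIN [msdb].dbo.sysjobhistory AS h
       ON h.job_id = j.job_id
WHERE a.name IS NULL
GROUP BY j.name, j.owner_sid, j.enabled, j.date_created, j.date_modified
ORDER BY j.date_created DESC;
```

Any row returned by either query is an item that is not documented as authorized and is evaluated as the check text describes.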