Enable Database Logging Rule

This rule states that database logging should be enabled to ensure security and audit trails.

Rule: Database logging should be enabled
Framework: NIST 800-171 Revision 2
Severity: Low

Rule Description:

Database logging should be enabled for compliance with NIST 800-171 Revision 2. This security control requires organizations to implement and maintain auditing and logging mechanisms within their databases to record and monitor events that impact the security of sensitive information. Enabling database logging helps organizations track and investigate security incidents, troubleshoot system issues, and ensure compliance with regulatory requirements.

Troubleshooting Steps:

  1. Check Database Logging Status: Verify if database logging is enabled or disabled by checking the database configuration settings or contacting the database administrator.

  2. Review Database Logs: Examine the existing database logs to determine if any security events or anomalies have been recorded. Ensure that the logs capture a sufficient level of detail to meet the compliance requirements of NIST 800-171 Revision 2.

  3. Enable Database Logging: If database logging is currently disabled, follow the appropriate steps to enable logging for the specific database management system in use. Refer to the database documentation or consult with the database vendor or administrator for detailed instructions.

  4. Configure Database Log Settings: Adjust the database log settings to capture the necessary event types and level of detail required to comply with NIST 800-171 Revision 2. Consider enabling logging for critical events such as user authentication, privilege changes, access control modifications, and any other relevant activities related to sensitive information.

  5. Test Logging Functionality: Validate that the database logging is functioning correctly by performing test transactions or simulating security events to ensure they are being logged and captured in the database logs.

  6. Monitor and Maintain Logs: Regularly review and analyze the database logs to detect any suspicious activities, unauthorized access attempts, or policy violations. Establish a process for the retention and archiving of logs to comply with regulatory requirements and facilitate forensic investigations, if necessary.

Necessary Configuration Codes:

Depending on the specific database management system in use, the following codes may be relevant for enabling and configuring database logging:

Microsoft SQL Server:

To enable database logging in Microsoft SQL Server, execute the following query:

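-- Switch the database to single-user mode
ALTER DATABASE DatabaseName SET SINGLE_USER;
-- Use the full recovery model so every transaction is fully logged
ALTER DATABASE DatabaseName SET RECOVERY FULL;
-- Return the database to multi-user mode
ALTER DATABASE DatabaseName SET MULTI_USER;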

Replace 'DatabaseName' with the name of the target database.

Oracle Database:

To enable database logging in Oracle Database, run the following command as the Oracle SYSDBA user:

ALTER DATABASE ADD SUPPLEMENTAL LOG DATA;

MySQL:

MySQL automatically logs various events, but to ensure comprehensive logging and compliance with NIST 800-171, it is recommended to enable the General Query Log. Add the following line to the MySQL configuration file (my.cnf or my.ini):

general_log = 1

Restart the MySQL service for the changes to take effect.

Remediation Steps:

Follow these step-by-step instructions to enable and configure database logging on the respective database management system:

Microsoft SQL Server:

  1. Connect to the SQL Server instance using appropriate credentials through SQL Server Management Studio (SSMS) or any preferred SQL management tool.

  2. Open a new query window and execute the following query to enable single-user mode for the target database:

     ALTER DATABASE DatabaseName SET SINGLE_USER;

     Replace DatabaseName with the name of the target database.

  3. Set the database recovery model to 'FULL' using the following query:

     ALTER DATABASE DatabaseName SET RECOVERY FULL;

  4. Disable single-user mode for the database:

     ALTER DATABASE DatabaseName SET MULTI_USER;

  5. Repeat these steps for each database requiring database logging.

Oracle Database:

  1. Connect to the Oracle Database using SQL*Plus or any preferred Oracle management tool as the Oracle SYSDBA user.

  2. Run the following command to add supplemental log data:

     ALTER DATABASE ADD SUPPLEMENTAL LOG DATA;

  3. Ensure that all necessary databases have supplemental log data enabled.

MySQL:

  1. Locate the MySQL configuration file, my.cnf (Linux) or my.ini (Windows). The file is typically located in the MySQL installation directory.

  2. Open the configuration file in a text editor.

  3. Look for the section titled [mysqld] and add the following line if it doesn't already exist:

     general_log = 1

  4. Save the configuration file.

  5. Restart the MySQL service to apply the changes.
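
One way to carry out the "Check Database Logging Status" step for the MySQL configuration above, as an added example that is not part of the original page: it parses an option file and reports whether general_log is enabled in [mysqld]. The function names and the sample file contents are constructed for illustration; the check also flags log_output = NONE, which suppresses log writes even when general_log is on.

```python
TRUE_VALUES = {"1", "on", "true"}

def parse_mysqld_options(text):
    """Return the options set in [mysqld]; later duplicates win."""
    options, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, comments and !include / !includedir directives.
        if not line or line[0] in "#;!":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, sep, value = line.partition("=")
        # MySQL treats dashes and underscores in option names as equivalent.
        key = key.strip().lower().replace("-", "_")
        # Drop a trailing " # comment"; a boolean option with no value is enabled.
        options[key] = value.split(" #", 1)[0].strip().strip("'\"") if sep else "1"
    return options

def audit_general_log(text):
    """Return a list of findings; an empty list means the setting is in place."""
    opts = parse_mysqld_options(text)
    findings = []
    if opts.get("general_log", "0").lower() not in TRUE_VALUES:
        findings.append("general_log is not enabled in [mysqld]")
    # log_output defaults to FILE; NONE overrides any other destination listed.
    destinations = [d.strip() for d in opts.get("log_output", "FILE").upper().split(",")]
    if "NONE" in destinations:
        findings.append("log_output includes NONE, so no log entries are written")
    return findings

# Constructed sample option files (not taken from a real system).
COMPLIANT = """!includedir /etc/mysql/conf.d/
[client]
port = 3306
[mysqld]
general-log = ON
general_log_file = /var/log/mysql/general.log
"""
SILENT = "[mysqld]\ngeneral_log = 1\nlog_output = TABLE,NONE\n"
DISABLED = "[mysqld]\ngeneral_log = 0\n"

if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("silent", SILENT), ("disabled", DISABLED)]:
        print(name, audit_general_log(cfg) or "OK")
```

The option file shows only the persisted setting; general_log is a dynamic variable, so the running value can differ if it was changed with SET GLOBAL.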

Ensure that database logging is enabled for all relevant databases and periodically review the logs to ensure compliance with NIST 800-171 Revision 2 requirements and to maintain a secure database environment.
