1
Automated Enterprise-wide SQL Server Auditing
Nem W. Schlecht
2
Join the brightest data professionals focused on the Microsoft Data Platform!
October 30th Through November 3rd
Pre-Conference Sessions – Monday/Tuesday
Conference – Wednesday through Friday
3
SQLSaturday #682 – After Party
4th Floor of Mall of America at 6:30 PM
Sponsored By:
4
Thank you Sponsors! Platinum Sponsor: Gold Sponsors:
5
PASSMN – News/Info
Sponsors:
- Thanks to all our sponsors of 2017!
- We need Sponsors for 2018!
- Special thanks to our annual sponsor:
Board Member Elections:
- 3 spots available for term.
- Your chance to help out the MN SQL community!
6
About Me Fargo PASS Chapter Leader Twitter: @nemws1
7
About Me
8
IT Philosophy
- Modify your solutions for your needs.
- Stop modifying (constraining) yourself!
- Don't just fix the current problem…
- Fix it so it doesn't happen again
9
Introduction
10
Problem
- Lots of MSSQL Instances
- Need to set up new servers quickly and accurately
- Inconsistencies/Enterprise changes/Learning!
- Best Practices/Compliance (SOX, et al.)
- 3rd Party software
- Jr. DBA / Domain Admins
11
Solution
- Collect data
- Compare data
- Check data
- Fix issues
(yup, that simple)
12
Solution (Details)
- As close to all-SQL as possible (some PowerShell)
- Automated
- By default, uses servers from an SSMS Central Management Server List
- Run daily via a Windows Task
- Daily reports on changes and needed fixes
13
Collect Data
If you need it, query it and record it
- All data collect queries stored in a table (of course)
- Simple key/value pairs
- Queries can be de-activated and sorted
15
Collect Data
- Working on community involvement and presets
- Minimum collection points
- Recommended
- Glenn Berry
- VM environments
16
Currently ~200 data points
17
Common Data Points
- All Agent Jobs (and Categories)
- All Database compatibility levels
- Free space on all drives
- Instant File Initialization??
- Without Trace 3004 & 3605
- Don't think we can check this yet…
18
Common Data Points
- Config:backup compression default
- Config:max server memory (MB)
- Config:max worker threads
- Default DATA Directory
- Default LOG Directory
- Login Audit Level
- SA has EMPTY password
- SA Last Modified
19
Compare Data
If you record it, compare it.
- Compare today to the previous day
- Compare any 2 days
20
Daily Change
Displays values between today and yesterday that have been:
- Changed
- Added
- Deleted
21
-- Changed Variables --
Instance: MB-MN01-VMG-003
Variable: SQL Server Start Time
Old value: :40:16
New value: :43:06

-- New Variables --
Instance: MB-ND01-VMD-069\SPIDEV
Variable: Database:SalesLead
New value: 100

-- Old Variables --
-- *** No old values ***
22
Rule Checking
If you record it, check it.
Run sanity checks on your servers. Make sure:
- Backup compression is turned on
- 'sa' has a password set
- max memory is set
23
INSERT INTO auditRules (
      ruleName
    , runOrder
    , action
    , configKey
    , target
) VALUES (
      'sa-a.bob.smith'       -- name
    , 10                     -- order (value missing from the slide; 10 is a placeholder)
    , 'notcontains'          -- check/action
    , 'ServerRole:sysadmin'  -- key to check
    , 'MBND\a.bob.smith'     -- value to check
);
24
-- Rule Checks --
Rule: sa-a.bob.smith
Result: notcontains:match
Instance: MB-ND01-SC-005
Variable: ServerRole:sysadmin
Value: BUILTIN\administrators,MBND\a.bob.smith,MBND\a.nem.schlecht,MBND\DomainAdmins,MBND\s.CCM,MBND\s.sccm,MBND\s.SQLSentry,NT AUTHORITY\SYSTEM,NT SERVICE\MSSQLSERVER,NT SERVICE\SQLSERVERAGENT,sa
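An added example (not from the presentation or the author's tool) of how a 'notcontains' rule like the one above could be evaluated in T-SQL against collected key/value data. The @auditData table, its columns, the instance names and the runOrder value are assumptions; only the auditRules column names come from the slide.

```sql
SET NOCOUNT ON;

-- Collected key/value pairs (constructed sample data; table layout is an assumption).
DECLARE @auditData TABLE (
    instanceName sysname       NOT NULL,
    collectDate  date          NOT NULL,
    configKey    nvarchar(200) NOT NULL,
    configValue  nvarchar(max) NULL
);
INSERT INTO @auditData (instanceName, collectDate, configKey, configValue) VALUES
    (N'SRV-A', '20171006', N'ServerRole:sysadmin', N'BUILTIN\administrators,sa'),
    (N'SRV-A', '20171007', N'ServerRole:sysadmin', N'BUILTIN\administrators,MBND\a.bob.smith,sa'),
    (N'SRV-B', '20171007', N'ServerRole:sysadmin', N'MBND\a.bob.smithson,sa'),
    (N'SRV-C', '20171007', N'ServerRole:sysadmin', N'MBND\a.bob.smith');

-- Rules, using the column names from the slide's INSERT (runOrder value is constructed).
DECLARE @auditRules TABLE (
    ruleName  sysname       NOT NULL,
    runOrder  int           NOT NULL,
    action    varchar(20)   NOT NULL,
    configKey nvarchar(200) NOT NULL,
    target    nvarchar(400) NOT NULL
);
INSERT INTO @auditRules (ruleName, runOrder, action, configKey, target) VALUES
    (N'sa-a.bob.smith', 10, 'notcontains', N'ServerRole:sysadmin', N'MBND\a.bob.smith');

-- Evaluate 'notcontains' against each instance's most recent collection only,
-- so an older, clean value for SRV-A does not hide today's violation.
WITH latest AS (
    SELECT d.instanceName, d.configKey, d.configValue,
           ROW_NUMBER() OVER (PARTITION BY d.instanceName, d.configKey
                              ORDER BY d.collectDate DESC) AS rn
    FROM @auditData AS d
)
SELECT r.ruleName, r.action + ':match' AS result,
       l.instanceName, l.configKey AS variable, l.configValue AS value
FROM @auditRules AS r
JOIN latest AS l
  ON l.configKey = r.configKey AND l.rn = 1
WHERE r.action = 'notcontains'
  -- Wrap both sides in commas so only a whole list entry counts: the login
  -- 'MBND\a.bob.smithson' on SRV-B must not trigger the rule for 'MBND\a.bob.smith'.
  -- CHARINDEX is used instead of LIKE because '_', '%' and '[' in a login name
  -- would be treated as wildcards by LIKE.
  AND CHARINDEX(N',' + r.target + N',', N',' + l.configValue + N',') > 0
ORDER BY r.runOrder, l.instanceName;
```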
25
Fixing Rule Violations
If you check it, and it's wrong, fix it.
26
-- Fix sa-a.bob.smith--notcontains--ServerRole:sysadmin
:connect SERVER1
IF (@@SERVERNAME <> 'SERVER1')
BEGIN
    PRINT ' *** Wrong Server! ' + @@SERVERNAME + ' <> SERVER1';
    SET NOEXEC ON;
END
USE [master]
GO
EXEC master..sp_dropsrvrolemember @loginame = N'MBND\a.bob.smith', @rolename = N'sysadmin'
-- End fix sa-a.bob.smith--notcontains--ServerRole:sysadmin
27
Fixing Rule Violations
- Make sure you make rules for everything
- Make sure they're in the right order!
- Create a rule to check for/create a user before you run the rule to assign them a role
28
ToDo
- Rules should be more flexible
- Many rules need SQL snippet fixes to be written for them yet
- New/old (or down) servers mess up the change report
- Use Server Groups from the Centralized Server Management list in rules
- Ex: Apply rule only if in the 'dev' group, etc.
29
Want to try it out yourself?
30
About Me Fargo PASS Chapter Leader Twitter: @nemws1
31
Wake Up!!! I'm done! Any questions?