Happy leap year, let’s talk Security and SQL STIG vulnerabilities V-213902, V-213935!
DISA DOD SQL STIG vulnerabilities V-213902, V-213935
The SQL DBA team for the RCC-C customer is requesting documentation for an exception in light of these vulnerabilities.
V-213902
V-213935
SCOM uses individual computer accounts in SQL, which triggers these findings.
Holman has documented this since 2012.
SCOM SECURITY Documentation
SCOM2019 https://kevinholman.com/2020/07/23/scom-2019-security-account-matrix/
SCOM2019 learn article https://learn.microsoft.com/en-us/system-center/scom/plan-security-accounts?view=sc-om-2019
SCOM2022 learn article https://learn.microsoft.com/en-us/system-center/scom/plan-security-accounts?view=sc-om-2022
Both V-213902 and V-213935 state the same identification action.
Run this SQL query on the SCOM DB(s):
SELECT name
FROM sys.database_principals
WHERE type IN ('U','G')
AND name LIKE '%$'
To remove users:
Run the following command for each user:
DROP USER [ IF EXISTS ] <user_name>;
V-213935 has a different identifier:
Launch PowerShell.
Execute the following code:
Note: <name> represents the username portion of the user. For example, if the user is “CONTOSO\user1$”, the username is “user1”.
([ADSISearcher]"(&(ObjectCategory=Computer)(Name=<name>))").FindAll()
If no account information is returned, this is not a finding.
If account information is returned, this is a finding.
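The two checks above can be combined into one pass that produces a per-database list for the exception documentation. This is an added example, not part of the STIG text or the original post. It assumes the SqlServer module (Invoke-Sqlcmd) is installed; the instance name is a placeholder, and the database names are the SCOM defaults and may differ in your environment.

```powershell
# Added example: list database principals ending in '$' and confirm each
# one against Active Directory as a computer account.
# Assumptions: SqlServer module installed; $SqlInstance is a placeholder;
# $Databases holds the default SCOM database names (adjust as needed).
$SqlInstance = 'SQLSERVER01'
$Databases   = @('OperationsManager', 'OperationsManagerDW')

# Same identification query as in the STIG check text.
$query = @'
SELECT name
FROM sys.database_principals
WHERE type IN ('U','G')
AND name LIKE '%$'
'@

$results = foreach ($db in $Databases) {
    $rows = Invoke-Sqlcmd -ServerInstance $SqlInstance -Database $db -Query $query
    foreach ($row in $rows) {
        # 'CONTOSO\user1$' -> 'user1' (drop domain prefix and trailing '$')
        $short = ($row.name -split '\\')[-1].TrimEnd('$')

        # Same AD lookup as the V-213935 check, with <name> filled in.
        $searcher = [ADSISearcher]"(&(ObjectCategory=Computer)(Name=$short))"
        $hits = $searcher.FindAll()

        [pscustomobject]@{
            Database   = $db
            Principal  = $row.name
            ADComputer = if ($hits.Count -gt 0) { $hits[0].Path } else { $null }
            Finding    = ($hits.Count -gt 0)   # account returned = finding
        }
        $hits.Dispose()
    }
}

# Review on screen and keep a copy for the exception request.
$results | Format-Table -AutoSize
$results | Export-Csv -Path .\scom-computer-accounts.csv -NoTypeInformation
```

Rows with Finding = True are the computer accounts that either need an exception or removal with DROP USER.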
Tab delimited view –
Remove Computer Accounts DB	SQL6-D0-000400	V-213902	CAT II	Non-repudiation of actions taken is required in order to maintain data integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message.
Remove Computer Accounts	SQL6-D0-004200	V-213935	CAT II	Non-repudiation of actions taken is required in order to maintain data integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message.
Can provide one work-around to mitigate.
Awaiting CSS engagement for official mitigation from support and SCOM PG.