Solved

Sybase ASE and Sybase IQ SQL / command difference

Posted on 2012-09-05
Last Modified: 2012-09-19
I have created a checklist and a script from the free CIS Security Benchmark for the auditee to get the data and settings from the database. However, the auditee said they are using Sybase IQ Database, so I have to modify the statement below for them. I have there use Sybase IQ Database before and there is no such benchmark / checklist on the web. I hope someone can help!

Script

/* 1.0
Please provide the results by executing the following commands:
*/
use master
select @@servername
exec sp_helpserver
exec sp_loginconfig "login mode"
exec sp_loginconfig "default account"
exec sp_configure "allow resource limit"
exec sp_configure "select on syscomments.text"
exec sp_configure "log audit logon failure"
exec sp_configure "log audit logon success"
select name from syssrvroles where password = NULL
exec sp_configure "current audit table"
exec sp_configure "suspend audit when device full"
exec sp_configure "unified login required"

/* 1.1
Perform the following to determine ASE’s authentication mode:
*/
exec sp_configure 'enable pam user auth'
exec sp_configure 'enable ldap user auth'
exec sp_configure 'use security services'

/* 1.2
Capture the following Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\SYBASE\Server\<ServerName>\DefaultLogin
*/

/* 1.3
Connect to the database as a user with the sso_role and execute the following SQL statement:
*/
exec sp_passwordpolicy 'list', 'allow password downgrade'

/* 1.4
Connect to the ASE server as a user with the sso_role and execute the following SQL statement to verify that the sa account does not have privileged roles:
*/
exec sp_displaylogin sa

/* 1.5
Connect to the ASE server as a user that has select permission on master.dbo.syslogins (such as a user with the sso_role) and execute the following SQL statement to retrieve a list of database usernames:
*/
use master
select name from syslogins

/* 1.6
Perform the following to audit password complexity requirements while operating in Standard login mode:
Connect to the ASE server (the sso_role is not required) and execute the following SQL statement to confirm a system-wide minimum password length is enforced:
*/
exec sp_configure 'minimum password length'
/*
Execute the following statement to verify that passwords require at least one digit:
*/
exec sp_configure 'check password for digit'
/*
Connect to the ASE server as a user with the sso_role and execute the following SQL statement to retrieve the password policy settings in effect:
*/
exec sp_passwordpolicy 'list'

/* 1.7
Connect to the ASE server (the sso_role is not required) and execute the following SQL statement:
*/
exec sp_configure 'maximum failed logins'

/* 1.8
Connect to the ASE server (the sso_role is not required) and execute the following SQL statement to retrieve the system-wide password expiration:
*/
exec sp_configure 'systemwide password expiration'

/* 1.9
Connect to the ASE server (the sso_role is not required) and execute the following SQL statement to retrieve the system-wide password expiration:
*/
exec sp_configure 'systemwide password expiration'

/* 1.10
Connect to the ASE server with a user that has the sso_role and execute the following SQL statement where <Login_Name> should be substituted for the username for which the login trigger status is being determined:
*/
exec sp_displaylogin <Login_Name>
/*
Determine the presence of a global login trigger via connecting to the ASE Server with a user that has the sso_role and executing the following SQL statement:
*/
exec sp_logintrigger
Question by:mawingho
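
A preflight check for a checklist script like the one in the question, as an added example that is not part of the original post: it flags typographic quotes inside statements, unresolved `<...>` placeholders, and statements repeated under another item number. The function name and the sample script are constructed for illustration.

```python
import re
from collections import defaultdict

SMART_QUOTES = "\u2018\u2019\u201c\u201d"          # curly quotes pasted from a document
PLACEHOLDER = re.compile(r"<[A-Za-z_][A-Za-z0-9_]*>")  # e.g. <Login_Name>
STATEMENT = re.compile(r"^\s*(exec|select|use)\b", re.IGNORECASE)

# Constructed sample in the style of the checklist script (not real output).
SAMPLE = """\
/* 1.1
Determine the authentication mode:
*/
exec sp_configure 'enable pam user auth'
exec sp_configure \u2018use security services\u2019
/* 1.8 */
exec sp_configure 'systemwide password expiration'
/* 1.9 */
exec sp_configure 'systemwide password expiration'
/* 1.10 */
exec sp_displaylogin <Login_Name>
"""

def lint_audit_script(text):
    """Return sorted (line_no, issue) findings for executable lines."""
    findings, seen, in_comment = [], defaultdict(list), False
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        # Skip /* ... */ blocks: they hold instructions, not statements.
        if in_comment or stripped.startswith("/*"):
            in_comment = "*/" not in stripped
            continue
        if not STATEMENT.match(stripped):
            continue
        if any(q in stripped for q in SMART_QUOTES):
            findings.append((no, "typographic quote"))
        if PLACEHOLDER.search(stripped):
            findings.append((no, "unresolved placeholder"))
        # Normalise case and whitespace so repeated checks compare equal.
        seen[" ".join(stripped.lower().split())].append(no)
    for lines in seen.values():
        for dup in lines[1:]:
            findings.append((dup, f"repeats line {lines[0]}"))
    return sorted(findings)

if __name__ == "__main__":
    for no, issue in lint_audit_script(SAMPLE):
        print(f"line {no}: {issue}")
```
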

Accepted Solution

by: Joe Woodhouse
ID: 38374608
Um. I don't think this checklist is going to be useful. ASE & IQ are rather different products. It's not just a matter of "change this ASE syntax to IQ"... most of these have no simple equivalents. Some of the concepts don't apply; others do but in completely different ways and we can't substitute one procedure call with another.

This would be why I & others keep answering "there is no standard checklist" for all the people coming here and asking that we share the standard audit checklists. :/

You have a lot of reading to do. Start with the IQ Admin Guide which discusses security. This is not a question you'll get good answers for free on a website - this would be a week of consulting if a client asked me to do it.

Sorry but there are no shortcuts here.