Sybase ASE and Sybase IQ SQL / command difference

I have created a checklist and a script from the free CIS Security Benchmark for the auditee to get the data and setting from the database. However, the auditee said they are using Sybase IQ Database, so I have to modify the statement below for them. I have there use Sybase IQ Database before and there are no such benchmark / checklist on the web. I hope someone can help!

Script

/* 1.0
Please provide the results by executing the following commands:
*/
use master
select @@servername
exec sp_helpserver
exec sp_loginconfig "login mode"
exec sp_loginconfig "default account"
exec sp_configure "allow resource limit"
exec sp_configure "select on syscomments.text"
exec sp_configure "log audit logon failure"
exec sp_configure "log audit logon success"
select name from syssrvroles where password = NULL
exec sp_configure "current audit table"
exec sp_configure "suspend audit when device full"
exec sp_configure "unified login required"

/* 1.1
Perform the following to determine ASE’s authentication mode:
*/
exec sp_configure 'enable pam user auth'
exec sp_configure 'enable ldap user auth'
exec sp_configure ‘use security services’

/* 1.2
Capture the following Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\SYBASE\Server\<ServerName>\DefaultLogin
*/

/* 1.3
Connect to the database as a user with the sso_role and execute the following SQL statement:
*/
exec sp_passwordpolicy 'list', 'allow password downgrade'

/* 1.4
Connect to the ASE server as a user with the sso_role and execute the following SQL statement to verify that the sa account does not have privileged roles:
*/
exec sp_displaylogin sa

/* 1.5
Connect to the ASE server as a user that has select permission on master.dbo.syslogins (such as a user with the sso_role) and execute the following SQL statement to retrieve a list of database usernames:
*/
use master select name from syslogins

/* 1.6
Perform the following to audit password complexity requirements while operating in Standard login mode:
Connect to the ASE server (the sso_role is not required) and execute the following SQL statement to confirm a system-wide minimum password length is enforced:
*/
exec sp_configure 'minimum password length'
/*
Execute the following statement to verify that password require at least one digit:
*/
exec sp_configure 'check password for digit'
/*
Connect to the ASE server as a user with the sso_role and execute the following SQL statement to retrieve the password policy settings in effect:
*/
exec sp_passwordpolicy 'list'

/* 1.7
Connect to the ASE server (the sso_role is not required) and execute the following SQL statement:
*/
exec sp_configure 'maximum failed logins'

/* 1.8
Connect to the ASE server (the sso_role is not required) and execute the following SQL statement to retrieve the system-wide password expiration:
*/
exec sp_configure 'systemwide password expiration'

/* 1.9
Connect to the ASE server (the sso_role is not required) and execute the following SQL statement to retrieve the system-wide password expiration:
*/
exec sp_configure 'systemwide password expiration'

/* 1.10
Connect to the ASE server with a user that has the sso_role and execute the following SQL statement where <Login_Name> should be substituted for the username for which the login trigger status is being determined:
*/
exec sp_displaylogin <Login_Name>
/*
Determine the presence of a global login trigger via connecting to the ASE Server with a user that has the sso_role and executing the following SQL statement:
*/
exec sp_logintrigger
mawinghoAsked:
Who is Participating?
 
Joe WoodhouseConnect With a Mentor Principal ConsultantCommented:
Um. I don't think this checklist is going to be useful. ASE & IQ are rather different products. It's not just a matter of "change this ASE syntax to IQ"... most of these have no simple equivalents. Some of the concepts don't apply; others do but in completely different ways and we can't substitute one procedure call with another.

This would be why I & others keep answering "there is no standard checklist" for all the people coming here and asking that we share the standard audit checklists. :/

You have a lot of reading to do. Start with the IQ Admin Guide which discusses security. This is not a question you'll get good answers for free on a website - this would be a week of consulting if a client asked me to do it.

Sorry but there are no shortcuts here.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.