Database Security Update 5.38 for Software Updates

Knowledgebase version 5.38 includes new checks for Microsoft SQL Server, MySQL, and PostgreSQL, and updated checks for MySQL and Sybase ASE. It introduces the DISA-STIG Oracle 12c V1R12, DISA-STIG PostgreSQL EDB V1R5, and DISA-STIG SQL Server 2012 V1R18 policies and updates several existing policies. This release also adds a MySQL 8 User Creation Script for the upcoming AppDetectivePRO and DbProtect updates that will include support for version 8 of MySQL.

New Vulnerability and Configuration Check Highlights

Microsoft SQL Server

  • Access to linked servers
    • Report the list of linked servers defined in the local server.
    • Risk: Informational
  • Allow Polybase Export feature must be disabled
    • Verify that the 'allow polybase export' configuration option is disabled.
    • Risk: Medium
  • Customer Feedback and Error Reporting
    • Verify that SQL Server Customer Feedback and Error Reporting is disabled.
    • Risk: Informational
  • External Scripts Enabled feature must be disabled
    • Verify that the 'external scripts enabled' configuration option is disabled.
    • Risk: Medium
  • Hadoop Connectivity feature must be disabled
    • Verify that the 'hadoop connectivity' configuration option is disabled.
    • Risk: Medium
  • Remote Data Archive feature must be disabled
    • Verify that the 'remote data archive' configuration option is disabled.
    • Risk: Medium
  • Replication XPs feature must be disabled
    • Verify that the 'replication xps' configuration option is disabled.
    • Risk: Medium
  • SQL Server Mirroring endpoint encryption
    • Verify that SQL Server Mirroring endpoint utilizes AES encryption.
    • Risk: Medium
  • SQL Server Service Broker endpoint encryption
    • Verify that SQL Server Service Broker endpoint utilizes AES encryption.
    • Risk: Medium
  • SQL Server Usage and Error Reporting Auditing
    • Verify that the SQL Server Usage and Error Reporting Auditing is enabled.
    • Risk: Medium
  • Stored procedures and functions that utilize impersonation
    • Report the list of stored procedures and functions that utilize EXECUTE AS.
    • Risk: Medium
  • The NT AUTHORITY\SYSTEM account is used for administration
    • Check permissions granted to the NT AUTHORITY\SYSTEM account.
    • Risk: High
  • User Options feature must be disabled
    • Verify that the 'user options' configuration option is disabled.
    • Risk: Low

MySQL

  • Critical Patch Update - January 2019
    • Check version to determine if the database contains vulnerabilities described by Critical Patch Update - January 2019.
    • Risk: Medium
  • Require current password when changing the password
    • Verify that non-privileged users must provide their current password at the time they set a new password.
    • Risk: Low

PostgreSQL

  • Check hba conf file to see if values hostssl AND cert is used
    • Verify that the PostgreSQL pg_hba.conf file contains the following: type: hostssl method: cert
    • Risk: Medium
  • Check hba conf file to see if values hostssl AND clientcert is used
    • Verify that the PostgreSQL pg_hba.conf file contains the following: type: hostssl options: clientcert=1
    • Risk: Medium
  • Ensure auditing is enabled for all direct access to databases
    • Verify that the following PostgreSQL EDB parameters are configured correctly: edb_statement, edb_connect, edb_disconnect
    • Risk: Medium
  • Ensure edb_audit is configured correctly
    • Verify that the PostgreSQL EDB parameter edb_audit is properly configured and ENABLED.
    • Risk: Medium
  • Ensure edb_audit_connect is configured correctly
    • Verify that the PostgreSQL EDB parameter edb_audit_connect is properly configured.
    • Risk: Medium
  • Ensure edb_audit_statement is configured correctly
    • Verify that the PostgreSQL EDB parameter edb_audit_statement is properly configured.
    • Risk: Medium
  • Ensure fips option is included in OpenSSL version
    • Verify that a FIPS compliant OpenSSL library is installed.
    • Risk: Medium
  • Ensure security label policies are enabled
    • Verify that security label policies are enabled on database objects for PostgreSQL EDB.
    • Risk: Medium
  • Ensure the permissions on the edb_audit directory are correct
    • Verify that the permissions on the PostgreSQL EDB edb_audit directory are correct.
    • Risk: Medium
  • Ensure the permissions on the server.key file are correct
    • Verify that the permissions of the PostgreSQL parameter ssl_cert_file (server.key) are correct.
    • Risk: Medium
  • Ensure there is a connection limit for each role and aligns with organization policies
    • Verify that the PostgreSQL connection limit for roles is enabled and aligned with your organization's policies.
    • Risk: Medium
  • Ensure there is monitoring of database objects to prevent unauthorized modifications
    • Verify that there are jobs enabled that prevent unauthorized modification of database objects.
    • Risk: Medium
  • Ensure users who have access to data input are protected from SQL injection
    • Verify that the database users responsible for data input are protected against SQL injection.
    • Risk: Medium
  • Must disable network protocols, functions, and ports deemed unsecure
    • Verify that the PostgreSQL pg_hba.conf file contains certain logic and that the port is an acceptable secured port.
    • Risk: Medium
  • Verify sample databases are removed from PostgreSQL installation
    • Verify that the sample databases of the PostgreSQL installation are removed.
    • Risk: Medium
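
The two pg_hba.conf checks listed above (hostssl with the cert method, and hostssl with a clientcert option) can be reproduced offline against a copy of the file. The following Python is an added example, not Trustwave's check logic; it assumes every remote entry should be hostssl with either cert or clientcert, and the sample file and reason strings are constructed for illustration.

```python
import re

# Constructed sample pg_hba.conf for this example (not from a real host).
SAMPLE_PG_HBA = """\
# TYPE    DATABASE  USER      ADDRESS                 METHOD  OPTIONS
local     all       postgres                          peer
host      all       all       127.0.0.1/32            md5
hostssl   appdb     app_user  10.0.0.0/8              cert
hostssl   appdb     report    10.1.2.0 255.255.255.0  md5     clientcert=1
hostssl   appdb     legacy    192.168.0.0/16          md5
hostnossl all       all       0.0.0.0/0               trust
"""

REMOTE_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
# A separate netmask field (IPv4 dotted quad or IPv6) may follow a bare address.
_MASK = re.compile(r"^(\d{1,3}(\.\d{1,3}){3}|[0-9a-fA-F:]*:[0-9a-fA-F:]*)$")
# Assumption: besides the page's clientcert=1, accept the verify-ca and
# verify-full spellings used by newer PostgreSQL releases.
CLIENTCERT_OK = {"1", "verify-ca", "verify-full"}


def parse_hba(text):
    """Return one dict per record line: line, type, address, method, options."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Simplification: '#' inside a quoted field is not handled.
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        rtype, address = fields[0], None
        if rtype == "local":
            rest = fields[3:]
        elif rtype in REMOTE_TYPES and len(fields) > 4:
            address, rest = fields[3], fields[4:]
            if "/" not in address and _MASK.match(rest[0]):
                address, rest = address + " " + rest[0], rest[1:]
        else:
            continue  # include directives or malformed lines are skipped
        if not rest:
            continue
        options = dict(opt.partition("=")[::2] for opt in rest[1:])
        records.append({"line": lineno, "type": rtype, "address": address,
                        "method": rest[0], "options": options})
    return records


def audit(text):
    """List (line, reason) for remote entries that fail the assumed policy."""
    findings = []
    for rec in parse_hba(text):
        if rec["type"] == "local":
            continue  # Unix-socket entries are outside these two checks
        if rec["type"] != "hostssl":
            # Plain 'host' also matches non-TLS connections.
            findings.append((rec["line"], "not-hostssl"))
        elif (rec["method"] != "cert"
              and rec["options"].get("clientcert") not in CLIENTCERT_OK):
            findings.append((rec["line"], "no-client-cert"))
    return findings


if __name__ == "__main__":
    for line, reason in audit(SAMPLE_PG_HBA):
        print(f"line {line}: {reason}")
```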

Updated Checks

MySQL

  • Latest release not installed
    • Support MySQL 5.6.43, 5.7.25
    • Risk: High
  • Release update not installed on time
    • Support MySQL 5.6.43, 5.7.25
    • Risk: High

Sybase

  • Latest patch not applied
    • Support SAP ASE 16.0 SP03 PL06
    • Risk: High
  • Patch not applied on time
    • Support SAP ASE 16.0 SP03 PL06
    • Risk: High

New Policies

  • DISA-STIG Oracle 12c V1R12 - Audit (Built-in)
    • This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guides "Oracle Database 12c Security Technical Implementation Guide Version 1 Release 12".
  • DISA-STIG PostgreSQL EDB V1R5 - Audit (Built-In)
    • This policy has been created with guidance of the configuration parameters outlined by the DISA-STIG PostgreSQL EDB Advanced Server Security Technical Implementation Guide Version 1, Release 5.
  • DISA-STIG SQL Server 2012 V1R18 - Audit (Built-in)
    • This policy has been created with guidance of the configuration parameters outlined by the DISA-STIG Microsoft SQL Server 2012 Security Technical Implementation Guide Version 1, Release 18.

Updated Policies

  • Base Line - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Basel II - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Basel II - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Best Practices for Federal Gov. - Audit (Built-in)
    • New Checks
      • Microsoft SQL Server: Access to linked servers: Informational
      • Microsoft SQL Server: Allow Polybase Export feature must be disabled: Medium
      • Microsoft SQL Server: Customer Feedback and Error Reporting: Informational
      • Microsoft SQL Server: External Scripts Enabled feature must be disabled: Medium
      • Microsoft SQL Server: Hadoop Connectivity feature must be disabled: Medium
      • Microsoft SQL Server: Remote Data Archive feature must be disabled: Medium
      • Microsoft SQL Server: Replication XPs feature must be disabled: Medium
      • Microsoft SQL Server: SQL Server Mirroring endpoint encryption: Medium
      • Microsoft SQL Server: SQL Server Service Broker endpoint encryption: Medium
      • Microsoft SQL Server: SQL Server Usage and Error Reporting Auditing: Medium
      • Microsoft SQL Server: Stored procedures and functions that utilize impersonation: Medium
      • Microsoft SQL Server: The NT AUTHORITY\SYSTEM account is used for administration: High
      • Microsoft SQL Server: User Options feature must be disabled: Low
      • MySQL: Critical Patch Update - January 2019: Medium
      • MySQL: Require current password when changing the password: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • CIS v1.0.0 for MySQL 5.7 - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
  • CIS v1.0.0 for Oracle 11gR1&R2 - Audit (Built-in)
    • New Checks
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • CIS v2.0 for Oracle 12c - Audit (Built-In)
    • New Checks
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • CIS v2.2.0 for Oracle 11gR2 - Audit (Built-In)
    • New Checks
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • CNIL - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • MySQL: Require current password when changing the password: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • DISA-STIG Database Security - Audit (Built-in)
    • New Checks
      • Microsoft SQL Server: Access to linked servers: Informational
      • Microsoft SQL Server: Allow Polybase Export feature must be disabled: Medium
      • Microsoft SQL Server: Customer Feedback and Error Reporting: Informational
      • Microsoft SQL Server: External Scripts Enabled feature must be disabled: Medium
      • Microsoft SQL Server: Hadoop Connectivity feature must be disabled: Medium
      • Microsoft SQL Server: Remote Data Archive feature must be disabled: Medium
      • Microsoft SQL Server: Replication XPs feature must be disabled: Medium
      • Microsoft SQL Server: SQL Server Mirroring endpoint encryption: Medium
      • Microsoft SQL Server: SQL Server Service Broker endpoint encryption: Medium
      • Microsoft SQL Server: SQL Server Usage and Error Reporting Auditing: Medium
      • Microsoft SQL Server: Stored procedures and functions that utilize impersonation: Medium
      • Microsoft SQL Server: The NT AUTHORITY\SYSTEM account is used for administration: High
      • Microsoft SQL Server: User Options feature must be disabled: Low
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • DISA-STIG Oracle 11gR2 V1R14 - Audit (Built-in)
    • New Checks
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • DISA-STIG Oracle 12c V1R11 - Audit (Built-in)
    • New Checks
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Database Best Practices
    • New Checks
      • Microsoft SQL Server: Access to linked servers: Informational
      • Microsoft SQL Server: Allow Polybase Export feature must be disabled: Medium
      • Microsoft SQL Server: External Scripts Enabled feature must be disabled: Medium
      • Microsoft SQL Server: Hadoop Connectivity feature must be disabled: Medium
      • Microsoft SQL Server: Remote Data Archive feature must be disabled: Medium
      • Microsoft SQL Server: Replication XPs feature must be disabled: Medium
      • Microsoft SQL Server: SQL Server Usage and Error Reporting Auditing: Medium
      • Microsoft SQL Server: Stored procedures and functions that utilize impersonation: Medium
      • Microsoft SQL Server: The NT AUTHORITY\SYSTEM account is used for administration: High
      • Microsoft SQL Server: User Options feature must be disabled: Low
      • MySQL: Critical Patch Update - January 2019: Medium
      • MySQL: Require current password when changing the password: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Download - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • EU Data Protection Directive - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • EU Data Protection Directive - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • FISMA - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • FISMA - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • FedRAMP - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • MySQL: Require current password when changing the password: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Full - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Gramm-Leach-Bliley Act - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Gramm-Leach-Bliley Act - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • HIPAA - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • HIPAA - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Heavy - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Integrity - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • MITS - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Massachusetts 201 CMR 17.00
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Medium - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • MiFID - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • MiFID - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • PCI Data Security Standard - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • PCI Data Security Standard - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Passwords - Audit (Built-in)
    • New Checks
      • MySQL: Require current password when changing the password: Medium
  • Safe - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Sarbanes-Oxley - Audit (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Sarbanes-Oxley - Pen Test (Built-in)
    • New Checks
      • MySQL: Critical Patch Update - January 2019: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
  • Strict - Audit (Built-in)
    • New Checks
      • Microsoft SQL Server: Access to linked servers: Informational
      • Microsoft SQL Server: Allow Polybase Export feature must be disabled: Medium
      • Microsoft SQL Server: Customer Feedback and Error Reporting: Informational
      • Microsoft SQL Server: External Scripts Enabled feature must be disabled: Medium
      • Microsoft SQL Server: Hadoop Connectivity feature must be disabled: Medium
      • Microsoft SQL Server: Remote Data Archive feature must be disabled: Medium
      • Microsoft SQL Server: Replication XPs feature must be disabled: Medium
      • Microsoft SQL Server: SQL Server Mirroring endpoint encryption: Medium
      • Microsoft SQL Server: SQL Server Service Broker endpoint encryption: Medium
      • Microsoft SQL Server: SQL Server Usage and Error Reporting Auditing: Medium
      • Microsoft SQL Server: Stored procedures and functions that utilize impersonation: Medium
      • Microsoft SQL Server: The NT AUTHORITY\SYSTEM account is used for administration: High
      • Microsoft SQL Server: User Options feature must be disabled: Low
      • MySQL: Critical Patch Update - January 2019: Medium
      • MySQL: Require current password when changing the password: Medium
      • Oracle: Critical Patch Update/Patch Set Update - January 2019: Medium
      • PostgreSQL: Check hba conf file to see if values hostssl AND cert is used: Medium
      • PostgreSQL: Check hba conf file to see if values hostssl AND clientcert is used: Medium
      • PostgreSQL: Ensure auditing is enabled for all direct access to databases: Medium
      • PostgreSQL: Ensure edb_audit is configured correctly: Medium
      • PostgreSQL: Ensure edb_audit_connect is configured correctly: Medium
      • PostgreSQL: Ensure edb_audit_statement is configured correctly: Medium
      • PostgreSQL: Ensure fips option is included in OpenSSL version: Medium
      • PostgreSQL: Ensure security label policies are enabled: Medium
      • PostgreSQL: Ensure the permissions on the edb_audit directory are correct: Medium
      • PostgreSQL: Ensure the permissions on the server.key file are correct: Medium
      • PostgreSQL: Ensure there is a connection limit for each role and aligns with organization policies: Medium
      • PostgreSQL: Ensure there is monitoring of database objects to prevent unauthorized modifications: Medium
      • PostgreSQL: Ensure users who have access to data input are protected from SQL injection: Medium
      • PostgreSQL: Must disable network protocols, functions, and ports deemed unsecure: Medium
      • PostgreSQL: Verify sample databases are removed from PostgreSQL installation: Medium

User Creation Scripts

  • MySQL 8 Added

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
  • AppDetectivePRO customers can also use the Updater within the product.
