Sybase DB Compliance Checks
Plugin ID: 150080
The Sybase DB plugin connects to targets that host Sybase databases. The plugin connects to the target, runs a query against the database, and evaluates the output for specific expressions.
Scan Requirements
Credentials
The plugin requires Database credentials with the “Database Type” of “Sybase” for scanning.
Permissions
Tenable recommends running a database compliance scan with a user account having the following permissions or privileges:
-
Sybase ASE:
-
Add the scanning user to the sa_role server role
-
This ensures thorough scan results and reports because some system or hidden tables and parameters can only be accessed by an account with such high level privileges. These settings were obtained by testing Tenable’s published CIS and DISA STIG audits, which primarily target system databases and tables. Custom audits with user-created databases will require independent testing to achieve maximum results.
Checks
All Sybase DB compliance checks must be bracketed with the check type encapsulation and the SybaseDB designation. This is required to differentiate .audit files intended specifically for systems running Sybase databases from other types of compliance audits.
<check_type:"SybaseDB">
[audit content]
</check_type>
See the following topics to learn more about the Sybase DB plugin:
Notes
-
If scans that utilize this plugin are not producing any compliance results, the following items should be checked:
-
Check that the credentials provided to the scan policy work from a remote host using a native SQL client.
-
Check the audit trail for the plugin that test for database login. For Sybase ASE, this would be plugin 132057 - Sybase ASE Login Possible.
-
Check the audit trail to see if there is a result for the compliance plugin. For Sybase ASE, this would be plugin 150080 - Sybase DB Compliance Checks.
-