dbWatch AS

Command shell setting

Name: Command shell setting
Platform: Sqlserver
Category: Security
Premium package: Security and compliance package
Description: Checks if the xp_cmdshell is enabled, as a security best practice it is recommended to only enable it for the duration of the actual task that requires it.
Long description: checks if the xp_cmdshell is enabled, as a security best practice it is recommended to only enable it for the duration of the actual task that requires it.
Version: 1.2
Default schedule: 5 1 1 *
Requires engine install: Yes
Compatibility tag: [CDATA[.[type=‘instance’ & databasetype=‘sqlserver’]/instance[maj_version > ‘2005’ & hasengine=‘YES’ & eng_inst_priv = 0 & (engine_edition = ‘Microsoft SQL Server’ | engine_edition = ‘Azure SQL Managed Instance’)
Parameters
Name Default value Description
return status 1 Return status value (ALARM – 2, WARNING – 1, or OK – 0) when the “xp_cmdshell” parameter is enabled.
disable cmd shell setting NO If set to “YES” the alert will disable “xp_cmdshell” (if it is enabled) by running sp_configure stored procedure.
history threshold 365 The maximum number of days to keep statistics for in the historic tables.

← Cross DB Ownership Chaining / Asymmetric Key size →

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment