Renamed sa account
Job details
Name: Renamed sa account
Platform: Sqlserver
Category: Security
Premium package: Security and compliance package
Description: Checks if the standard ‘sa’ login account (principal_id=1 and sid=0x01) has been renamed.
Long description: Checks if the standard ‘sa’ login account (principal_id=1 and sid=0x01) has been renamed. ‘sa’ is the original login account created during installation, and it has sysadmin privileges.
Version: 1.2
Default schedule: 25 1 1 *
Requires engine install: Yes
Compatibility tag: .[type='instance' & databasetype='sqlserver']/instance[maj_version > '2005' & hasengine='YES' & eng_inst_priv = 0 & (engine_edition = 'Microsoft SQL Server' | engine_edition = 'Azure SQL Managed Instance')]
Parameters
| Name | Default value | Description |
| --- | --- | --- |
| return status | 1 | Return status value (ALARM – 2, WARNING – 1, or OK – 0) when the “sa” login account is not renamed. |
| new login name | change_me | If the parameter “rename sa login” is set to “YES”, the alert renames the “sa” login account to this parameter value. |
| rename sa login | NO | If set to “YES”, the alert renames the “sa” login account using the “new login name” parameter value. |
| history threshold | 365 | The maximum number of days to keep statistics in the history tables. |
Job Summary
- Purpose: This job is designed to monitor and check if the default “sa” login account has been renamed in SQL Server environments.
- Why: Renaming the “sa” account is a common security practice to make it harder for malicious users to guess this highly privileged account name. This job helps ensure that security best practices are followed and facilitates compliance with security policies.
- Manual checking: To manually check if the “sa” account has been renamed, you can run the following SQL command:

      SELECT name FROM sys.server_principals WHERE sid = 0x01
Implementation Details
- The job executes a procedure that checks for the “sa” account’s current name and whether it has been renamed from its default.
- It allows for the “sa” account to be renamed directly via dbWatch job parameters if the condition is met.
- The procedure stores current status in a table for audit and tracks changes over time, which helps in determining when the account name was altered.
- Dependencies include several procedures and tables that support the main procedure, covering data handling, logging, error handling, exception reporting, and history cleaning.
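The check and optional rename described above, written out as an added T-SQL example. This is not dbWatch's dbw_renamed_sa_account_proc; the variables are assumptions that mirror the job parameters, and refusing the `change_me` placeholder is this example's own guard.

```sql
-- Added example, not the dbWatch procedure. Variables mirror the job parameters.
DECLARE @return_status   int     = 1;             -- status when sa is not renamed (2 ALARM, 1 WARNING, 0 OK)
DECLARE @new_login_name  sysname = N'change_me';  -- default value from the parameter table
DECLARE @rename_sa_login char(3) = 'NO';          -- set to 'YES' to allow the rename

DECLARE @current_name sysname, @modify_date datetime;

-- The built-in account is identified by its SID, so it is found under any name.
SELECT @current_name = name,
       @modify_date  = modify_date
FROM sys.server_principals
WHERE sid = 0x01;

IF @current_name = N'sa' AND @rename_sa_login = 'YES'
BEGIN
    -- Example guard: reject the placeholder and any name another principal already uses.
    IF @new_login_name = N'change_me'
       OR EXISTS (SELECT 1 FROM sys.server_principals WHERE name = @new_login_name)
    BEGIN
        RAISERROR(N'Choose an unused, non-default value for the new login name.', 16, 1);
    END
    ELSE
    BEGIN
        -- QUOTENAME brackets the identifier so the parameter cannot alter the statement.
        DECLARE @sql nvarchar(400) =
            N'ALTER LOGIN [sa] WITH NAME = ' + QUOTENAME(@new_login_name) + N';';
        EXEC sys.sp_executesql @sql;

        -- Re-read the row so the reported status reflects the rename.
        SELECT @current_name = name,
               @modify_date  = modify_date
        FROM sys.server_principals
        WHERE sid = 0x01;
    END
END

-- modify_date changes on any ALTER LOGIN, so treat it as a hint, not proof of a rename.
SELECT @current_name AS login_name,
       @modify_date  AS last_modified,
       CASE WHEN @current_name = N'sa' THEN @return_status ELSE 0 END AS status;
```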
Job Configuration and Dependencies
- Dependencies include:
  - Main procedure (dbw_renamed_sa_account_proc)
  - Current status table (dbw_renamed_sa_account_info)
  - History table (dbw_renamed_sa_account_histr)
- The procedure inserts data into tables that log the current and historical data regarding the “sa” account usage and renames.
Reporting and Maintenance
- The job provides reports that can show the current and historical data regarding the “sa” account name status.
- Provides integration capabilities with dbWatch security and compliance framework for enhanced monitoring.
- Job configurations ensure data retention for a defined period, complying with internal database policies regarding data lifecycle.
Security and Compliance
- The job helps in enforcing security practices regarding high privilege account management.
- Provides mechanisms to react when the “sa” account is not renamed (by renaming it if configured to do so).
- Ensures compliance with security policies by monitoring and reporting on the naming status of the “sa” account, which can be crucial for audits.
Tables and Indices
| Name | Purpose |
| --- | --- |
| dbw_renamed_sa_account_info | Stores the current “sa” name usage value and history date |
| dbw_renamed_sa_account_histr | Aggregates the historical data regarding the “sa” account name changes |

| Name | Table Applied | Purpose |
| --- | --- | --- |
| dbw_disabled_sa_idx01 | dbw_renamed_sa_account_info | Optimizes queries on history date |
| dbw_disabled_sa_h_idx01 | dbw_renamed_sa_account_histr | Enhances performance for historical data retrieval |
This monitoring job is crucial for maintaining security standards and ensuring that database administration practices adhere to prescribed security policies.