General update suggestions using example V-67759
rx294 opened this issue · 0 comments
rx294 commented
get_accounts = command("Invoke-Sqlcmd -Query \"SELECT name FROM sys.sql_logins WHERE type_desc = 'SQL_LOGIN' AND is_disabled = 0;\" -ServerInstance '#{SERVER_INSTANCE}'").stdout.strip.split("\n")
get_accounts.each do | account|
a = account.strip
describe "#{a}" do
it { should be_in SQL_MANAGED_ACCOUNTS }
end
end if get_accounts != [] >>>> redundant
describe "There are no sql managed accounts, control not applicable" do
skip "There are no sql managed accounts, control not applicable"
end if get_accounts == []
suggested implementation:
query = %(
SELECT
name
FROM
sys.sql_logins
WHERE
type_desc = 'SQL_LOGIN'
AND is_disabled = 0;
)
sql_session = mssql_session(user: attribute('user'),
password: attribute('password'),
host: attribute('host'),
instance: attribute('instance'),
port: attribute('port'),
db_name: attribute('db_name'))
account_list = sql_session.query(query).column('name')
if account_list.empty?
impact 0.0
desc 'There are no sql managed accounts, control not applicable'
describe "There are no sql managed accounts, control not applicable" do
skip "There are no sql managed accounts, control not applicable"
end
else
account_list.each do |account|
describe "sql managed account: #{account}" do
subject {account}
it { should be_in SQL_MANAGED_ACCOUNTS }
end
end
end
As we talked you will be recoding to use the mssql_session resource ...I have added and example to the above implementation.
Please add the code to check for registry key as specified in a checktext
following query works to get the registry value
EXECUTE xp_instance_regread
N'HKEY_LOCAL_MACHINE',
N'SOFTWARE\Microsoft\MSSQLServer\\MSSQLServer',
N'LoginMode';