so we cna check login auditing #882

Author: SQLDBAWithABeard

developing/Robs-Instance.ps1

@@ -11,6 +11,9 @@ $Checks = 'MaxMemory'
 $Checks = 'OrphanedFile'
 $Checks = 'MemoryDump'
 $Checks = 'HideInstance'
+$Checks = 'LoginAuditFailed'
+$Checks = 'LoginAuditSuccessful'
+$Checks = 'LoginAuditSuccessful', 'LoginAuditFailed'
 
 Invoke-PerfAndValidateCheck -Checks $Checks
 Invoke-PerfAndValidateCheck -Checks $Checks -PerfDetail
@@ -19,7 +22,7 @@ $password = ConvertTo-SecureString "dbatools.IO" -AsPlainText -Force
 $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "sqladmin", $password
 $show = 'All'
 
-$v4code = Invoke-DbcCheck -SqlInstance $Sqlinstances -SqlCredential $cred -Check $Checks -legacy $true -Show $show -PassThru
+$v4code = Invoke-DbcCheck -SqlInstance $Sqlinstances -SqlCredential $cred -Check $Checks -legacy $true -Show $show -PassThru -verbose
 # Run v5 checks
 $v5code = Invoke-DbcCheck -SqlInstance $Sqlinstances -SqlCredential $cred -Check $Checks -legacy $false -Show $show -PassThru -Verbose
 

source/checks/Instancev5.Tests.ps1

@@ -200,6 +200,24 @@ Describe "Linked Servers" -Tag LinkedServerConnection, Connectivity, Medium, Ins
     }
 }
 
+Describe "Failed Login Auditing" -Tag LoginAuditFailed, Security, CIS, Medium, Instance -ForEach $InstancesToTest {
+    $skip = ($__dbcconfig | Where-Object { $_.Name -eq 'skip.security.loginauditlevelfailed' }).Value
+    Context "Testing if failed login auditing is in place on <_.Name>" {
+        It "The failed login auditing should be set on  <_.Name>" -Skip:$skip {
+            $psitem.Settings.AuditLevel | Should -BeIn @("Failure", "All") -Because "We expected the audit level to be set to capture failed logins"
+        }
+    }
+}
+
+Describe "Successful Login Auditing" -Tag LoginAuditSuccessful, Security, CIS, Medium, Instance -ForEach $InstancesToTest {
+    $skip = ($__dbcconfig | Where-Object { $_.Name -eq 'skip.security.loginauditlevelsuccessful' }).Value
+    Context "Testing if successful and failed login auditing is in place on  <_.Name>" {
+        It "The successful and failed auditing should be set on  <_.Name>" -Skip:$skip {
+            $psitem.Settings.AuditLevel | Should -Be "All" -Because "We expected the audit level to be set to capture all logins (successful and failed)"
+        }
+    }
+}
+
 Describe "Instance MaxDop" -Tag MaxDopInstance, MaxDop, Medium, Instance -ForEach ($InstancesToTest | Where-Object { $psitem.Name -notin $psitem.ConfigValues.ExcludeInstanceMaxDop }) {
     $skip = ($__dbcconfig | Where-Object { $_.Name -eq 'skip.instance.MaxDopInstance' }).Value
     Context "Testing Instance MaxDop Value on <_.Name>" {

source/internal/functions/NewGet-AllInstanceInfo.ps1

@@ -400,6 +400,16 @@ function NewGet-AllInstanceInfo {
             }
         }
 
+        'LoginAuditFailed' {
+            $SettingsInitFields.Add("AuditLevel") | Out-Null # so we can check auditlevel
+            $Instance.SetDefaultInitFields([Microsoft.SqlServer.Management.Smo.Settings], $SettingsInitFields)
+        }
+
+        'LoginAuditSuccessful' {
+            $SettingsInitFields.Add("AuditLevel") | Out-Null # so we can check auditlevel
+            $Instance.SetDefaultInitFields([Microsoft.SqlServer.Management.Smo.Settings], $SettingsInitFields)
+        }
+
         Default { }
     }