IIS 6.0 Metabase 보안 감사 설정

Windows Server 2003 Service Pack 1 이후부터는 Metabase 감사설정이 가능합니다.

Iiscnfg.vbs /EnableAudit /metabase path

메타베이스 모든 노드를 감사할 경우:

Iiscnfg.vbs /EnableAudit / /r

C:\>Iiscnfg.vbs /EnableAudit / /r
Microsoft (R) Windows Script Host 버전 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. Auditing was enabled on /.
Auditing was enabled on /Logging.
Auditing was enabled on /MSFTPSVC.
Auditing was enabled on /SmtpSvc.
Auditing was enabled on /SmtpSvc/1.
Auditing was enabled on /W3SVC.
Auditing was enabled on /W3SVC/1/Filters.
Auditing was enabled on /W3SVC/2/filters.
Auditing was enabled on /W3SVC/2027230104/filters.
Auditing was enabled on /W3SVC/3/filters.
Auditing was enabled on /W3SVC/397007713/filters.
Auditing was enabled on /W3SVC/4/filters.
Auditing was enabled on /W3SVC/5/filters.
Auditing was enabled on /W3SVC/6/filters.
Auditing was enabled on /W3SVC/738020274/filters.
Auditing was enabled on /W3SVC/957105308/filters.
Auditing was enabled on /W3SVC/AppPools.
Auditing was enabled on /W3SVC/Filters.
Auditing was enabled on /W3SVC/Info.


특정 노드만 감사할 경우:

Iiscnfg.vbs /EnableAudit /w3svc/1/root


물론,. 위 설정만 한다고 해서 되는것은 아니고 로컬보안정책의 보안감사에서 "개체 액세스 감사" 설정이 되어 있어야 합니다.

메타베이스 값이 변경되면,. 다음과 같이 보안로그에 남게 됩니다.

감사는 다음과 같은 항목에 해당되는 경우 기록됩니다.

- Delete key: name of node being deleted
 
- Delete property: name of key and name of property being deleted
 
- Move key: old node location and new node location
 
- Copy key: source node location and new node location
 
- Add key: name of node being added
 
- Add property: name of key, name of property, and value of property
 
- Rename key: names of old node and new node
 
- Change property: name of key, name of property, old and new values of property

레퍼런스: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/b5ac0be1-24b5-4e13-9d61-485e28657f83.mspx?mfr=true


24-iis-3.gif
24-iis-4.gif