SV-101221r1_rule
V-91121
SRG-APP-000120-NDM-000237
JUNI-ND-000390
CAT II
10
Configure one or more login classes, as in the example below, whose members are not permitted to delete files or to change logging parameters. The deny-commands and deny-configuration values are regular expressions that Junos matches against the command entered and the configuration hierarchy, respectively.
[edit system]
set login class JR_ENGINEER permissions all
set login class JR_ENGINEER deny-configuration "(system syslog)"
set login class JR_ENGINEER deny-commands "(file delete)"
Note: "permissions all" grants every permission flag, including the ability to start a local shell, so the deny statements are the only restriction on the class. Where shell access is not intended for such users, either deny "start shell" as well or grant the specific permission flags the class needs instead of all.
Review the router configuration to verify that it is compliant with this requirement. The configuration example below depicts a class "JR_ENGINEER" which does not permit users belonging to the class to delete files or make changes to logging parameters.
login {
class JR_ENGINEER {
permissions all;
deny-commands "(file delete)";
deny-configuration "(system syslog)";
}
}
Note: The predefined classes "Operator" and "Read-only" do not have permissions to delete files.
If the router is not configured to protect audit information from unauthorized deletion, this is a finding.
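The check above can be scripted for a configuration export so every login class is reviewed, not only the one in the example. The following Python is an added example, not part of the STIG or of any Juniper tooling: it parses a constructed "login" stanza, treats the predefined operator and read-only classes (and, as an assumption of the script, any custom class holding only view permissions) as unable to delete files, and flags every other class whose deny-commands and deny-configuration regexes would not match "file delete" and "system syslog". It assumes Junos deny regexes behave like an unanchored search, which is approximated here with Python's re.search.

```python
import re

# Constructed sample of a Junos [edit system] login stanza (not taken from a real device).
SAMPLE_LOGIN_STANZA = """
login {
    class JR_ENGINEER {
        permissions all;
        deny-commands "(file delete)";
        deny-configuration "(system syslog)";
    }
    class SR_ENGINEER {
        permissions all;
    }
    class NOC_VIEW {
        permissions [ view view-configuration ];
    }
    class LOG_ADMIN {
        permissions all;
        deny-commands "(file delete)";
    }
}
"""

# Per the STIG note, the predefined operator and read-only classes cannot delete files.
# Treating view-only custom classes the same way is an assumption of this script.
PREDEFINED_NO_DELETE = {"operator", "read-only"}
VIEW_ONLY_PERMISSIONS = {"view", "view-configuration"}

# Representative operations the rule is meant to block; each deny regex is tested against them.
FILE_DELETE_CMD = "file delete /var/log/messages"
SYSLOG_HIERARCHY = "system syslog"

# Class blocks do not nest, so a non-greedy match to the first closing brace is sufficient.
CLASS_RE = re.compile(r"class\s+(\S+)\s*\{(.*?)\}", re.DOTALL)
STMT_RE = re.compile(r"^\s*([\w-]+)\s+(.*?);\s*$", re.MULTILINE)


def parse_login_classes(text):
    """Return {class_name: {statement: value}} for each 'class' block in a login stanza."""
    classes = {}
    for name, body in CLASS_RE.findall(text):
        stmts = {}
        for key, raw in STMT_RE.findall(body):
            raw = raw.strip()
            if raw.startswith("["):          # bracketed list, e.g. [ view view-configuration ]
                stmts[key] = set(raw.strip("[]").split())
            elif raw.startswith('"'):        # quoted regex, e.g. "(file delete)"
                stmts[key] = raw.strip('"')
            else:                            # single token, e.g. all
                stmts[key] = {raw} if key == "permissions" else raw
        classes[name] = stmts
    return classes


def denies(pattern, target):
    """True if the deny regex would match target (assumed unanchored, like re.search)."""
    return pattern is not None and re.search(pattern, target) is not None


def check_class(name, stmts):
    """Return the reasons this class fails the requirement; an empty list means compliant."""
    if name.lower() in PREDEFINED_NO_DELETE:
        return []
    perms = stmts.get("permissions", set())
    if perms <= VIEW_ONLY_PERMISSIONS:
        return []
    reasons = []
    if not denies(stmts.get("deny-commands"), FILE_DELETE_CMD):
        reasons.append("can delete files (no deny-commands matching 'file delete')")
    if not denies(stmts.get("deny-configuration"), SYSLOG_HIERARCHY):
        reasons.append("can change logging parameters (no deny-configuration matching 'system syslog')")
    return reasons


def find_noncompliant_classes(text):
    """Return {class_name: [reasons]} for every class that would be a finding."""
    findings = {}
    for name, stmts in parse_login_classes(text).items():
        reasons = check_class(name, stmts)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for cls, reasons in find_noncompliant_classes(SAMPLE_LOGIN_STANZA).items():
        print(f"FINDING: class {cls}: " + "; ".join(reasons))
```

Run against the constructed stanza, JR_ENGINEER and NOC_VIEW pass, SR_ENGINEER fails on both counts, and LOG_ADMIN fails only because it still allows changes under "system syslog". Because the deny regexes are evaluated rather than compared as strings, a pattern that is anchored too tightly (for example one that would not match a command carrying a file path) is reported as a finding instead of silently passing.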
V-91121
False
JUNI-ND-000390
M
3381