STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

For local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account disabling events.

DISA Rule

SV-223183r513244_rule

Vulnerability Number

V-223183

Group Title

SRG-APP-000028-NDM-000210

Rule Version

JUSX-DM-000017

Severity

CAT II

CCI(s)

• CCI-001404 - The information system automatically audits account disabling actions.

Weight

10

Fix Recommendation

Configure at least one external syslog host is configured to log facility change-log or any, and severity info or any.

[edit system syslog]
set host <syslog server address> any <info | any>

-OR-

[edit]
set host <syslog server address> change-log <info | any>

Check Contents

Verify the device logs change-log events of severity info or any to an external syslog server.

[edit]
show system syslog

host <syslog server address> {
any <info | any>;
source-address <device address>;
}

-OR-

host <syslog server address> {
change-log <info | any>;
source-address <device address>;
}

If an external syslog host is not configured to log facility change-log severity <info | any>, or configured for facility any severity <info | any>, this is a finding.

Vulnerability Number

V-223183

Documentable

False

Rule Version

JUSX-DM-000017

Severity Override Guidance

Verify the device logs change-log events of severity info or any to an external syslog server.

[edit]
show system syslog

host <syslog server address> {
any <info | any>;
source-address <device address>;
}

-OR-

host <syslog server address> {
change-log <info | any>;
source-address <device address>;
}

If an external syslog host is not configured to log facility change-log severity <info | any>, or configured for facility any severity <info | any>, this is a finding.

Check Content Reference

M

Target Key

4098

Comments