STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

The Juniper SRX Services Gateway must generate log records when successful attempts to configure the device and use commands occur.

DISA Rule

SV-223191r513265_rule

Vulnerability Number

V-223191

Group Title

SRG-APP-000091-NDM-000223

Rule Version

JUSX-DM-000040

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The following example commands forward every facility at every severity to a remote syslog server and keep local files that separate authentication events (authorization), command use (interactive-commands), daemon output and configuration changes (change-log), so that DoD-defined auditable events are captured locally even when the collector is unreachable. Replace the angle-bracket placeholders with the site's values.

[edit]
set system syslog user * any emergency
set system syslog host <IP-syslog-server> any any
set system syslog host <IP-syslog-server> source-address <MGT-IP-Address>
set system syslog host <IP-syslog-server> log-prefix <host-name>
set system syslog file messages any info
set system syslog file messages authorization none
set system syslog file messages interactive-commands none
set system syslog file messages daemon none
set system syslog file User-Auth authorization any
set system syslog file interactive-commands interactive-commands any
set system syslog file processes daemon any
set system syslog file account-actions change-log any
set system syslog file account-actions match "system login user"
set system syslog console any any

Check Contents

Verify logging has been enabled and configured.

[edit]
show system syslog

If no valid syslog host is configured to receive facility "any" at severity "any", or the local syslog files are not configured to capture the configuration-change and command-use events at severity "any", this is a finding.
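As an added automated version of the check above (example code, not part of the STIG or of STIGQter), the following Python reads the lines produced by `show system syslog | display set` and returns the findings a reviewer would record: no valid remote host receiving "any any", or a required facility not captured at severity "any" by any local file. It also treats an unreplaced template placeholder such as `<IP-syslog-server>` as an invalid host, and it understands that `messages any info` combined with `messages interactive-commands none` does not capture interactive commands. The regexes, the `NON_SELECTORS` list, the function names and the two sample configurations (with the made-up addresses 10.0.0.50 and 10.0.0.1) are this example's own constructions, not from the page.

```python
"""Automated check for JUSX-DM-000040 (example, not from the STIG).

Input: the lines of `show system syslog | display set`.
Output: a list of findings; an empty list means the rule is met.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# set system syslog host <target> <facility> <severity>
HOST_RE = re.compile(r"^set system syslog host (\S+) (\S+) (\S+)$")
# set system syslog file <name> <facility> <severity>
FILE_RE = re.compile(r"^set system syslog file (\S+) (\S+) (\S+)$")
# Plausible DNS name (assumption: RFC 1123 characters, single label allowed).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")

# Three-token host/file lines that are options, not facility selectors.
NON_SELECTORS = {"source-address", "log-prefix", "port", "match",
                 "explicit-priority", "structured-data", "facility-override"}

# Facilities a local file must capture so configuration changes and command
# use are logged even if the remote collector is unreachable.
REQUIRED_FACILITIES = ("authorization", "interactive-commands", "change-log")

Selectors = Dict[str, str]  # facility -> severity


def is_valid_host(target: str) -> bool:
    """True for an IP literal or a plausible DNS name; a template placeholder
    such as '<IP-syslog-server>' fails both tests."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return HOSTNAME_RE.match(target) is not None


def parse_syslog(set_lines: List[str]) -> Tuple[Dict[str, Selectors], Dict[str, Selectors]]:
    """Collect facility/severity selectors per remote host and per local file."""
    hosts: Dict[str, Selectors] = {}
    files: Dict[str, Selectors] = {}
    for raw in set_lines:
        line = raw.strip()
        for regex, table in ((HOST_RE, hosts), (FILE_RE, files)):
            m = regex.match(line)
            if m and m.group(2) not in NON_SELECTORS:
                table.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return hosts, files


def captures_all(selectors: Selectors, facility: str) -> bool:
    """A destination captures every event of `facility` when it names that
    facility at severity 'any', or names 'any any' without narrowing the
    facility (e.g. 'any info' plus 'interactive-commands none' does not)."""
    if selectors.get(facility) == "any":
        return True
    return selectors.get("any") == "any" and facility not in selectors


def check_jusx_dm_000040(set_lines: List[str]) -> List[str]:
    """Return the findings for the rule; an empty list means compliant."""
    hosts, files = parse_syslog(set_lines)
    findings: List[str] = []
    if not any(is_valid_host(h) and captures_all(sel, "any")
               for h, sel in hosts.items()):
        findings.append("no valid syslog host receives facility 'any' at severity 'any'")
    for fac in REQUIRED_FACILITIES:
        if not any(captures_all(sel, fac) for sel in files.values()):
            findings.append(f"no local syslog file captures facility '{fac}' at severity 'any'")
    return findings


# Constructed sample: the fix above with made-up addresses filled in.
COMPLIANT = """
set system syslog user * any emergency
set system syslog host 10.0.0.50 any any
set system syslog host 10.0.0.50 source-address 10.0.0.1
set system syslog host 10.0.0.50 log-prefix srx-fw
set system syslog file messages any info
set system syslog file messages authorization none
set system syslog file messages interactive-commands none
set system syslog file messages daemon none
set system syslog file User-Auth authorization any
set system syslog file interactive-commands interactive-commands any
set system syslog file processes daemon any
set system syslog file account-actions change-log any
set system syslog file account-actions match "system login user"
set system syslog console any any
""".strip().splitlines()

# Constructed sample: placeholder never replaced, only the default file kept.
NONCOMPLIANT = """
set system syslog host <IP-syslog-server> any any
set system syslog file messages any info
""".strip().splitlines()

if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, check_jusx_dm_000040(cfg) or "no findings")
```

Run it against a saved `display set` capture from the device under review; a non-empty list is the finding text to record. The check is deliberately strict about severity "any", as the rule text is, so a host configured at `any info` is reported even though it logs most events.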

Vulnerability Number

V-223191

Documentable

False

Rule Version

JUSX-DM-000040

Severity Override Guidance

Check Content Reference

M

Target Key

4098

Comments