STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Juniper SRX Services Gateway must generate log records when administrator privileges are deleted.

DISA Rule

SV-223193r513271_rule

Vulnerability Number

V-223193

Group Title

SRG-APP-000499-NDM-000319

Rule Version

JUSX-DM-000042

Severity

CAT III

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Weight

10

Fix Recommendation

Configure at least one external syslog host is configured to log facility change-log or any, and severity info or any.

[edit system syslog]
set host <syslog server address> any <info | any>

-OR-

[edit]
set host <syslog server address> change-log <info | any>

Check Contents

Verify the device logs change-log events of severity info or any to an external syslog server.

[edit]
show system syslog

host <syslog server address> {
any <info | any>;
source-address <device address>;
}

-OR-

host <syslog server address> {
change-log <info | any>;
source-address <device address>;
}

If an external syslog host is not configured to log facility change-log severity <info | any>, or configured for facility any severity <info | any>, this is a finding.

Vulnerability Number

V-223193

Documentable

False

Rule Version

JUSX-DM-000042

Severity Override Guidance

Verify the device logs change-log events of severity info or any to an external syslog server.

[edit]
show system syslog

host <syslog server address> {
any <info | any>;
source-address <device address>;
}

-OR-

host <syslog server address> {
change-log <info | any>;
source-address <device address>;
}

If an external syslog host is not configured to log facility change-log severity <info | any>, or configured for facility any severity <info | any>, this is a finding.

Check Content Reference

M

Target Key

4098

Comments