STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

The Juniper SRX Services Gateway must ensure access to start a UNIX-level shell is restricted to only the root account.

DISA Rule

SV-223213r513328_rule

Vulnerability Number

V-223213

Group Title

SRG-APP-000142-NDM-000245

Rule Version

JUSX-DM-000113

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

For each login class, add the following command to the stanza.

[edit]
set system login class <class name> deny-commands "(start shell)"

Check Contents

Verify each login class is configured to deny access to the UNIX shell.

[edit]
show system login

If any configured login class is not configured to deny access to the UNIX shell, this is a finding.
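The check above can be automated over an exported configuration. The following is an added example, not part of the STIG or of Juniper's tooling: it assumes the configuration was captured in set form (`show system login | display set`), and the function name, class names and sample lines are constructed for illustration.

```python
import re

# Matches "display set" lines for login classes, e.g.
#   set system login class NOC deny-commands "(start shell)"
CLASS_LINE = re.compile(r'^set system login class (\S+)(?:\s+(.*))?$')


def classes_missing_shell_deny(set_config: str) -> list[str]:
    """Return configured login classes with no deny-commands naming 'start shell'.

    Heuristic (assumption): the deny-commands expression must contain the
    literal text 'start shell', as in the STIG fix. A broader regex that
    happens to cover the command is reported for manual review.
    """
    denies = {}  # class name -> True once a matching deny-commands is seen
    for raw in set_config.splitlines():
        m = CLASS_LINE.match(raw.strip())
        if not m:
            continue  # not a login-class statement (e.g. a user entry)
        name, rest = m.group(1), m.group(2) or ""
        denies.setdefault(name, False)
        if rest.startswith("deny-commands ") and "start shell" in rest:
            denies[name] = True
    return sorted(name for name, ok in denies.items() if not ok)


# Constructed sample input: three classes, one of which (NOC) denies a
# different command and therefore still permits "start shell".
SAMPLE = '''\
set system login class AUDIT permissions view
set system login class AUDIT deny-commands "(start shell)"
set system login class NOC permissions view
set system login class NOC permissions network
set system login class NOC deny-commands "(request system halt)"
set system login class OPS permissions all
set system login class OPS deny-commands "(start shell)|(request system zeroize)"
set system login user alice class NOC
'''

if __name__ == "__main__":
    for name in classes_missing_shell_deny(SAMPLE):
        print(f"FINDING: login class {name} does not deny 'start shell'")
```

A class that appears only with `permissions` statements and no `deny-commands` line is also reported, since the check requires the deny entry on every configured class.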

Documentable

False

Severity Override Guidance

Verify each login class is configured to deny access to the UNIX shell.

[edit]
show system login

If any configured login class is not configured to deny access to the UNIX shell, this is a finding.

Check Content Reference

M

Target Key

4098
