SV-223215r513334_rule
V-223215
SRG-APP-000142-NDM-000245
JUSX-DM-000115
CAT II
10
If more than one account has an authentication stanza, and it is not documented, delete the authentication stanza (if the account is a template account) or the entire account (if the account is unauthorized or no longer needed).

To delete a template account:
[edit]
delete system login user <account name> authentication
commit

To delete an unneeded or unauthorized account:
[edit]
delete system login user <account name>

Verify only a single local account has an authentication stanza and that the name is the account of last resort.
[edit]
show system login
user <account of last resort> {
    uid 2001;
    class <appropriate class name>;
    authentication { <--- This stanza permits local login
        encrypted-password "$sha2$22895$aVBPaRVa$o6xIqNSYg9D7yt8pI47etAjZV9uuwHrhAFT6R021HNsy"; ## SECRET-DATA
    }
}

OR

user <template account> {
    uid 2001;
    class <appropriate class name>;
}

If accounts other than the account of last resort contain an authentication stanza, and that account is not documented, this is a finding.
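The check above is done by eye on the `show system login` output. The following Python script, added here as an example and not part of the STIG or of any Juniper tooling, automates the same check: it walks the brace-structured output, lists every `user` block that carries an `authentication` stanza, and reports as findings those that are neither the designated account of last resort nor on a documented-exception list. The sample output and the `$sha2$PLACEHOLDER-*` hashes are constructed for the example; the parser also tolerates the `<--- ...` annotation and `## SECRET-DATA` comments that appear in the STIG text.

```python
"""Flag undocumented local authentication stanzas in Junos 'show system login' output."""
from dataclasses import dataclass, field

# Constructed sample output (not captured from a real device); hashes are placeholders.
SAMPLE_OUTPUT = """\
user emergency-admin {
    uid 2001;
    class super-user;
    authentication { <--- This stanza permits local login
        encrypted-password "$sha2$PLACEHOLDER-HASH-1"; ## SECRET-DATA
    }
}
user netops-template {
    uid 2002;
    class operator;
}
user jdoe {
    uid 2003;
    class super-user;
    authentication {
        encrypted-password "$sha2$PLACEHOLDER-HASH-2"; ## SECRET-DATA
    }
}
"""


def _strip_comment(line: str) -> str:
    """Drop Junos '## ...' annotations (e.g. '## SECRET-DATA') and surrounding whitespace."""
    return line.split("##", 1)[0].strip()


def accounts_with_local_auth(show_output: str) -> list[str]:
    """Return the names of 'user' blocks that contain an 'authentication' stanza, in order."""
    stack: list[str] = []          # headers of the currently open '{' blocks
    with_auth: list[str] = []
    for raw in show_output.splitlines():
        line = _strip_comment(raw)
        if not line:
            continue
        if "{" in line:
            # Header is everything before the brace; trailing annotations after it are ignored.
            header = line.split("{", 1)[0].strip()
            if header == "authentication" and stack and stack[-1].startswith("user "):
                name = stack[-1].split(None, 1)[1]
                if name not in with_auth:
                    with_auth.append(name)
            stack.append(header)
        elif line.startswith("}"):
            if stack:
                stack.pop()
        # Leaf statements such as 'uid 2001;' or 'class operator;' need no handling.
    return with_auth


@dataclass
class CheckResult:
    with_auth: list[str]                 # every account that permits local login
    last_resort_has_auth: bool           # the account of last resort must be one of them
    findings: list[str] = field(default_factory=list)


def evaluate(show_output: str, last_resort: str, documented: frozenset[str] = frozenset()) -> CheckResult:
    """Apply the STIG rule: only the account of last resort (or a documented account) may have
    an authentication stanza. Returns the offending account names as findings."""
    with_auth = accounts_with_local_auth(show_output)
    findings = [n for n in with_auth if n != last_resort and n not in documented]
    return CheckResult(with_auth, last_resort in with_auth, findings)


if __name__ == "__main__":
    result = evaluate(SAMPLE_OUTPUT, last_resort="emergency-admin")
    print("accounts with local authentication:", result.with_auth)
    print("account of last resort has authentication:", result.last_resort_has_auth)
    for name in result.findings:
        print(f"FINDING: user {name} has an undocumented authentication stanza")
```

Feed it the real output of `show system login` (for example saved to a file) and pass the documented exceptions as `documented={...}`. Whether each finding should be remediated by removing only the stanza (template account) or the whole account (unauthorized or unneeded) is a judgement the fix text leaves to the administrator, so the script reports and does not change configuration.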