STIGQter STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Juniper SRX Services Gateway must reveal log messages or management console alerts only to the ISSO, ISSM, and SA roles).

DISA Rule

SV-229029r518265_rule

Vulnerability Number

V-229029

Group Title

SRG-APP-000516-NDM-000317

Rule Version

JUSX-DM-000165

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure login classes and permissions and assign only authorized users to each class.

[edit]
show system login

If any classes are mapped to the audit-admin, security-admin, or system-admin login templates, delete the command from the class by typing delete in front of the command or retyping the command with the permission removed from the list.

Example configuration:
set system login class audit-admin allow-commands "(show log *)|(clear log *)|(monitor
log *)"
set system login class audit-admin allow-configuration "(system syslog)"
set system login class emergency permissions all
set system login class emergency login-alarms
set system login class security-admin login-alarms
set system login class system-admin login-alarms

Check Contents

Obtain a list of authorized user names that are authorized to view the audit log and console notification messages. Verify classes are created that separate administrator roles based on authorization. View user classes and class members by typing the following commands.

[edit]
show system login

View class assignment for all users and template users configured on the Juniper SRX. Users with login classes audit-admin, security-admin, and system-admin have permission to view error message in logs and/or notifications.

If classes or users that are not authorized to have access to the logs (e.g., crypto-admin) have permissions to view or access error message in logs and/or notifications, this is a finding.

Vulnerability Number

V-229029

Documentable

False

Rule Version

JUSX-DM-000165

Severity Override Guidance

Obtain a list of authorized user names that are authorized to view the audit log and console notification messages. Verify classes are created that separate administrator roles based on authorization. View user classes and class members by typing the following commands.

[edit]
show system login

View class assignment for all users and template users configured on the Juniper SRX. Users with login classes audit-admin, security-admin, and system-admin have permission to view error message in logs and/or notifications.

If classes or users that are not authorized to have access to the logs (e.g., crypto-admin) have permissions to view or access error message in logs and/or notifications, this is a finding.

Check Content Reference

M

Target Key

4098

Comments