STIGQter STIGQter: STIG Summary: Juniper Router NDM Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 24 Jul 2020:

The Juniper router must be configured to protect audit information from unauthorized deletion.

DISA Rule

SV-101221r1_rule

Vulnerability Number

V-91121

Group Title

SRG-APP-000120-NDM-000237

Rule Version

JUNI-ND-000390

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure one or more classes as shown in the example below whose users will not be permitted to delete files or make changes to logging parameters.

[edit system]
set login class JR_ENGINEER permissions all
set login class JR_ENGINEER deny-configuration "(system syslog)"
set login class JR_ENGINEER deny-commands “(file delete)”

Check Contents

Review the router configuration to verify that it is compliant with this requirement. The configuration example below depicts a class "JR_ENGINEER" which does not permit users belonging to the class to delete files or make changes to logging parameters.

login {
class JR_ENGINEER {
permissions all;
deny-commands "(file delete)";
deny-configuration "(system syslog)";
}
}

Note: The predefined classes "Operator" and "Read-only" do not have permissions to delete files.

If the router is not configured to protect audit information from unauthorized deletion, this is a finding.

Vulnerability Number

V-91121

Documentable

False

Rule Version

JUNI-ND-000390

Severity Override Guidance

Review the router configuration to verify that it is compliant with this requirement. The configuration example below depicts a class "JR_ENGINEER" which does not permit users belonging to the class to delete files or make changes to logging parameters.

login {
class JR_ENGINEER {
permissions all;
deny-commands "(file delete)";
deny-configuration "(system syslog)";
}
}

Note: The predefined classes "Operator" and "Read-only" do not have permissions to delete files.

If the router is not configured to protect audit information from unauthorized deletion, this is a finding.

Check Content Reference

M

Target Key

3381

Comments