STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

For local accounts created on the device, the Juniper SRX Services Gateway must automatically generate log records for account removal events.

DISA Rule

SV-223184r513247_rule

Vulnerability Number

V-223184

Group Title

SRG-APP-000029-NDM-000211

Rule Version

JUSX-DM-000018

Severity

CAT II

CCI(s)

• CCI-001405 - The information system automatically audits account removal actions.

Weight

10

Fix Recommendation

Configure at least one external syslog host is configured to log facility change-log or any, and severity info or any.

[edit system syslog]
set host <syslog server address> any <info | any>

-OR-

[edit]
set host <syslog server address> change-log <info | any>

Check Contents

Verify the device logs change-log events of severity info or any to an external syslog server.

[edit]
show system syslog

host <syslog server address> {
any <info | any>;
source-address <device address>;
}

-OR-

host <syslog server address> {
change-log <info | any>;
source-address <device address>;
}

If an external syslog host is not configured to log facility change-log severity <info | any>, or configured for facility any severity <info | any>, this is a finding.

Vulnerability Number

V-223184

Documentable

False

Rule Version

JUSX-DM-000018

Severity Override Guidance

Verify the device logs change-log events of severity info or any to an external syslog server.

[edit]
show system syslog

host <syslog server address> {
any <info | any>;
source-address <device address>;
}

-OR-

host <syslog server address> {
change-log <info | any>;
source-address <device address>;
}

If an external syslog host is not configured to log facility change-log severity <info | any>, or configured for facility any severity <info | any>, this is a finding.

Check Content Reference

M

Target Key

4098

Comments