STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

In the event that communications with the events server is lost, the Juniper SRX Services Gateway must continue to queue log records locally.

DISA Rule

SV-229023r518247_rule

Vulnerability Number

V-229023

Group Title

SRG-APP-000516-NDM-000317

Rule Version

JUSX-DM-000061

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001686 - The information system notifies organization-defined personnel or roles for account removal actions.

Weight

10

Fix Recommendation

The following example commands configure local backup files to capture DoD-defined auditable events.

[edit]
set system syslog file messages any info
set system syslog file messages authorization none
set system syslog file messages interactive-commands none
set system syslog file messages daemon none
set system syslog file User-Auth authorization any
set system syslog file interactive-commands interactive-commands any
set system syslog file processes daemon any
set system syslog file account-actions change-log any any
set file account-actions match “system login user�
set system syslog console any any

Check Contents

Verify logging has been enabled and configured to capture to local log files in case connection with the primary and secondary log servers is lost.

[edit]
show system syslog

If local log files are not configured to capture events, this is a finding.

Vulnerability Number

V-229023

Documentable

False

Rule Version

JUSX-DM-000061

Severity Override Guidance

Verify logging has been enabled and configured to capture to local log files in case connection with the primary and secondary log servers is lost.

[edit]
show system syslog

If local log files are not configured to capture events, this is a finding.

Check Content Reference

M

Target Key

4098

Comments