STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 26 Jul 2019

The Juniper SRX Services Gateway must enable log record generation for DoD-defined auditable events within the Juniper SRX Service Gateway.

DISA Rule

SV-80965r1_rule

Vulnerability Number

V-66475

Group Title

SRG-APP-000089-NDM-000221

Rule Version

JUSX-DM-000038

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The following example commands configure Syslog and local backup files to capture DoD-defined auditable events.

[edit]
set system syslog user * any emergency
set system syslog host <IP-syslog-server> any any
set system syslog host <IP-syslog-server> source-address <MGT-IP-Address>
set system syslog host <IP-syslog-server> log-prefix <host-name>
set system syslog file messages any info
set system syslog file messages authorization info
set system syslog file User-Auth authorization any
set system syslog file User-Auth interactive-commands any
set system syslog file audit interactive-commands any
set system syslog file processes daemon any
set system syslog console any any
set system syslog file account-actions change-log any any
set system syslog file account-actions match "system login user"

Check Contents

Verify logging has been enabled and configured.

[edit] show system syslog

If a syslog host server has not been configured to capture DoD-defined auditable events, this is a finding.
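The check above can be scripted against a configuration exported in set format (the same form as the Fix Recommendation commands, for example with Junos's `| display set` pipe). The following is an added example, not part of the STIG or of STIGQter. It assumes that "configured to capture" means at least one `host` entry carries a facility/severity selector whose severity is not `none`; the function names and the sample address 192.0.2.10 are constructed for illustration.

```python
# Added example: evaluate set-format "system syslog" lines against the check text.
SEVERITIES = {"any", "emergency", "alert", "critical", "error",
              "warning", "notice", "info", "none"}
HOST_OPTIONS = {"source-address", "log-prefix"}  # host options used on this page

# Constructed sample: remote host with a selector, plus its options.
COMPLIANT = """\
set system syslog user * any emergency
set system syslog host 192.0.2.10 any any
set system syslog host 192.0.2.10 source-address 192.0.2.1
set system syslog host 192.0.2.10 log-prefix srx-lab
set system syslog file messages any info
"""

# Constructed sample: local files only; the host entry has no selector at all.
NONCOMPLIANT = """\
set system syslog file messages any info
set system syslog file audit interactive-commands any
set system syslog host 192.0.2.10 source-address 192.0.2.1
"""

def syslog_hosts(set_lines):
    """Map each remote syslog host to its (facility, severity) selectors."""
    hosts = {}
    for line in set_lines.splitlines():
        tok = line.split()
        if tok[:4] != ["set", "system", "syslog", "host"] or len(tok) < 5:
            continue  # not a remote-host statement
        selectors = hosts.setdefault(tok[4], [])
        # A selector is "<facility> <severity>"; options such as
        # source-address take a value that is not a severity keyword.
        if len(tok) == 7 and tok[5] not in HOST_OPTIONS and tok[6] in SEVERITIES:
            selectors.append((tok[5], tok[6]))
    return hosts

def is_finding(set_lines):
    """True when no remote host would actually receive any events."""
    return not any(sev != "none"
                   for selectors in syslog_hosts(set_lines).values()
                   for _, sev in selectors)

if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, "FINDING" if is_finding(cfg) else "not a finding",
              syslog_hosts(cfg))
```

A host that appears only in `source-address` or `log-prefix` statements is reported as a finding, which a simple search for the word `host` in the configuration would miss.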

Documentable

False

Check Content Reference

M

Target Key

3039
