STIGQter STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 26 Jul 2019: In the event that communications with the events server is lost, the Juniper SRX Services Gateway must continue to queue log records locally.

DISA Rule

SV-80971r1_rule

Vulnerability Number

V-66481

Group Title

SRG-APP-000109-NDM-000233

Rule Version

JUSX-DM-000061

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The following example commands configure local backup files to capture DoD-defined auditable events.

[edit]
set system syslog file messages any info
set system syslog file messages authorization none
set system syslog file messages interactive-commands none
set system syslog file messages daemon none
set system syslog file User-Auth authorization any
set system syslog file interactive-commands interactive-commands any
set system syslog file processes daemon any
set system syslog file account-actions change-log any any
set file account-actions match “system login user”
set system syslog console any any

Check Contents

Verify logging has been enabled and configured to capture to local log files in case connection with the primary and secondary log servers is lost.

[edit]
show system syslog

If local log files are not configured to capture events, this is a finding.

Vulnerability Number

V-66481

Documentable

False

Rule Version

JUSX-DM-000061

Severity Override Guidance

Verify logging has been enabled and configured to capture to local log files in case connection with the primary and secondary log servers is lost.

[edit]
show system syslog

If local log files are not configured to capture events, this is a finding.

Check Content Reference

M

Target Key

3039

Comments