UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Juniper EX switch must be configured to generate audit records for privileged activities or other system-level access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-253934 JUEX-NM-000570 SV-253934r879875_rule Medium
Description
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the network device (e.g., module or policy filter).
STIG Date
Juniper EX Series Switches Network Device Management Security Technical Implementation Guide 2023-03-23

Details

Check Text ( C-57386r843833_chk )
Determine if the network device generates audit records for privileged activities or other system-level access.

Junos logs all completed commands via the "interactive-commands" syslog facility and all configuration changes via "change-log". Successful and unsuccessful login attempts are logged using the "authorization" facility. Verify syslog is configured to capture these facilities using the logging level "info" or above. The lowest logging level, "any", is debug and will generate significant numbers of messages. The "any" logging facility (not to be confused with the severity level "any") includes authorization, change-log, and interactive-commands.

Example configuration to generate audit records for privileged activities or other system-level access.

[edit system syslog]
file {
authorization info;
change-log info;
interactive-commands info;
}
host {
any info;
explicit-priority;
}
time-format year millisecond;
Note: The time-format command supports including the year and/or the time in milliseconds (both shown for clarity). The default format does not include the year and time is recorded in seconds.

Syslog outputs in standard format unless the "structured-data" directive is configured. Verify the "structured-data" command for all files and external syslog servers requiring that format. For example:

[edit system syslog]
host {
authorization info;
change-log info;
interactive-commands info;
structured-data;
}
file {
any info;
structured-data;
}

If the network device does not generate audit records for privileged activities or other system-level access, this is a finding.
Fix Text (F-57337r843834_fix)
Configure the network device to generate audit records for privileged activities or other system-level access.

set system syslog host any info
set system syslog host explicit-priority
set system syslog file any info
set system syslog time-format year