Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-253934 | JUEX-NM-000570 | SV-253934r879875_rule | Medium |
Description |
---|
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the network device (e.g., module or policy filter). |
STIG | Date |
---|---|
Juniper EX Series Switches Network Device Management Security Technical Implementation Guide | 2023-12-18 |
Check Text ( C-57386r843833_chk ) |
---|
Determine if the network device generates audit records for privileged activities or other system-level access. Junos logs all completed commands via the "interactive-commands" syslog facility and all configuration changes via "change-log". Successful and unsuccessful login attempts are logged using the "authorization" facility. Verify syslog is configured to capture these facilities using the logging level "info" or above. The lowest logging level, "any", is debug and will generate significant numbers of messages. The "any" logging facility (not to be confused with the severity level "any") includes authorization, change-log, and interactive-commands. Example configuration to generate audit records for privileged activities or other system-level access. [edit system syslog] file authorization info; change-log info; interactive-commands info; } host any info; explicit-priority; } time-format year millisecond; Note: The time-format command supports including the year and/or the time in milliseconds (both shown for clarity). The default format does not include the year and time is recorded in seconds. Syslog outputs in standard format unless the "structured-data" directive is configured. Verify the "structured-data" command for all files and external syslog servers requiring that format. For example: [edit system syslog] host authorization info; change-log info; interactive-commands info; structured-data; } file any info; structured-data; } If the network device does not generate audit records for privileged activities or other system-level access, this is a finding. |
Fix Text (F-57337r843834_fix) |
---|
Configure the network device to generate audit records for privileged activities or other system-level access. set system syslog host set system syslog host set system syslog file set system syslog time-format year |