Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-91187 | JUNI-ND-001340 | SV-101287r1_rule | Medium |
Description |
---|
Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. |
STIG | Date |
---|---|
Juniper Router NDM Security Technical Implementation Guide | 2020-06-03 |
Check Text ( C-90341r2_chk ) |
---|
Review the router configuration to verify that it is compliant with this requirement. The example below illustrates how selected events can be logged. syslog { file LOG_FILE { authorization info; security info; firewall info; change-log info; } } Note: A syslog server can be configured in lieu of logging to a file as shown in the example below. system { syslog { host x.x.x.x { authorization info; security info; firewall info; change-log info; } } If the router is not configured to generate log records for a locally developed list of auditable events, this is a finding. |
Fix Text (F-97385r2_fix) |
---|
Configure the router to generate log records for a locally developed list of auditable events as shown in the example below. [edit system] set syslog file LOG_FILE authorization info set syslog file LOG_FILE security info set syslog file LOG_FILE firewall info set syslog file LOG_FILE change-log info Note: A syslog server can be configured in lieu of logging to a file as shown in the example below. set syslog host x.x.x.x authorization info set syslog host x.x.x.x security info set syslog host x.x.x.x firewall info set syslog host x.x.x.x change-log info |