UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Juniper SRX Services Gateway must ensure access to start a UNIX-level shell is restricted to only the root account.


Overview

Finding ID Version Rule ID IA Controls Severity
V-66507 JUSX-DM-000113 SV-80997r1_rule Medium
Description
Restricting the privilege to create a UNIX-level shell limits access to this powerful function. System administrators, regardless of their other permissions, will need to also know the root password for this access, thus limiting the possibility of malicious or accidental circumvention of security controls.
STIG Date
Juniper SRX SG NDM Security Technical Implementation Guide 2017-01-05

Details

Check Text ( C-67151r1_chk )
Verify each login class is configured to deny access to the UNIX shell.

[edit]
show system login

If each configured login class is not configured to deny access to the UNIX shell, this is a finding.
Fix Text (F-72581r1_fix)
For each login class, add the following command to the stanza.

[edit]
set system login class deny-commands "(start shell)"