The Juniper router must be configured to generate an alert for all audit failure events.

From Juniper Router NDM Security Technical Implementation Guide

Associated with: CCI-001858

JUNI-ND-000990_rule The Juniper router must be configured to generate an alert for all audit failure events.

Vulnerability discussion

It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Alerts provide organizations with urgent messages. Real-time alerts provide these messages immediately (i.e., the time from event detection to alert occurs in seconds or less).

Check content

Review the router configuration to verify that it is compliant with this requirement as shown in the example below. system { syslog { host x.x.x.x { any critical; } } Note: The parameter "critical" can be replaced with a lesser severity level (i.e., error, warning, notice, info). If the router is not configured to generate an alert for all audit failure events, this is a finding.

Fix text

Configure the router to send critical to emergency log messages to the syslog server as shown in the example below. set syslog host x.x.x.x any critical Note: The parameter "critical" can replaced with a lesser severity level (i.e., error, warning, notice, info).

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.