The Juniper EX switch must be configured to offload audit records onto a different system or media than the system being audited.

An XCCDF Rule

Description

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. Archiving is not required unless space is limited in the audit server.

ID: SV-253937r961860_rule
Version: JUEX-NM-000600
Severity: Medium
References: CCI-001851
Updated: 24 days ago

Remediation Templates

Archiving is not required unless space is limited in the audit server. Configure the network device to offload audit records onto a different system or media than the system being audited.

set file <file name> any info
set system syslog file <file name> any info
set system syslog file <file name> archive size <65536..1073741824 bytes>
set system syslog file <file name> archive files <1..1000>set system syslog file <file name> archive transfer-interval <5..2880 minutes>
set system syslog file <file name> archive start-time "<yyyy-mm-dd.hh:mm>"
set system syslog file <file name> archive archive-sites "<scp|sftp>://<username>@<repository address>/<path without trailing slash (/)>" password "<PSK>"
set system syslog host <external syslog address> any info

The Juniper EX switch must be configured to offload audit records onto a different system or media than the system being audited.

Description

Remediation Templates

A Manual Procedure