Details

When External AAA is used Configuration Change events should be sent to configured accounting destinations.

Rationale:

To protect any asset, including a Juniper router, an audit trail of changes made to the devices configuration, when they were made and by whom is essential.

JUNOS can log these events to RADIUS and/or TACACS+ servers to allow reliable, centralized records to be kept for all of the devices in your network.

Solution

Configure Accounting of Logins and Configuration Changes by entering the following commands under the [edit system accounting] hierarchy;

[edit system accounting]
[email protected]#set events change-log

Default Value:

External accounting is not configured by default

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3069

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Juniper.

References

• 800-53|AU-3
• 800-53|AU-12
• CSCv7|6.2
• CSCv7|6.3

Source

• Tenable.com/audits