The Juniper SRX Services Gateway must ensure SSH is disabled for root user logon to prevent remote access using the root account.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223212 | JUSX-DM-000112 | SV-223212r1043177_rule | CCI-000382 | medium |
| Description | ||||
| Since the identity of the root account is well-known for systems based upon Linux or UNIX and this account does not have a setting to limit access attempts, there is risk of a brute force attack on the password. Root access would give superuser access to an attacker. Preventing attackers from remotely accessing management functions using root account mitigates the risk that unauthorized individuals or processes may gain superuser access to information or privileges. A separate account should be used for access and then the administrator can sudo to root when necessary. | ||||
| STIG | Date | |||
| Juniper SRX Services Gateway NDM Security Technical Implementation Guide | 2024-12-20 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7
1.00
- DISA · V3R3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
- DISA · V3R3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000382
1.00
- DISA · V3R3 · disa_xccdf · related
Details
Check Text (C-223212r1043177_chk)
Use the CLI to view this setting for disabled for SSH.
[edit]
show system services ssh root-login
If SSH is not disabled for the root user, this is a finding.
Fix Text (F-24873r513324_fix)
From the configuration mode, enter the following commands to disable root-login using SSH.
[edit]
set system services ssh root-login deny