    Configuring Security Role Administrator Accounts

    This topic describes how to configure a security role administrator account and then a user with this role, which is required for Common Criteria evaluation.

    • Before you begin, log in with your root account to an SRX Series device running Junos OS Release 12.1X44-D15.

    Note: You can enter the configuration commands in any order and commit all the commands at once.

    To configure a security role administrator account:

    1. Create a login class named security-admin with permissions all.
      [edit]
      root@host# set system login class security-admin permissions all
    2. Specify the commands to deny for the newly created security-admin class.
      [edit system login class security-admin]
      root@host# set deny-commands "^clear (log|security log)|^request (security|system set-encryption-key)|^rollback|^start shell"
    3. Specify the Common Criteria security role for the security-admin class.
      [edit system login class security-admin]
      root@host# set security-role security-administrator
    4. Specify the regular expressions for the configuration object paths to deny.
      [edit system login class security-admin]
      root@host# set deny-configuration-regexps "security (ike|ipsec) (policy|proposal)" "security ipsec ^vpn$ .* manual (authentication|encryption|protocol|spi)" "security log cache"
    5. Enter the username, user ID, login class, and authentication method of the user.
      [edit system login]
      root@host# set user security-officer uid 2003
      root@host# set user security-officer class security-admin
      root@host# set user security-officer authentication plain-text-password
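
One way to check the result of steps 1 through 3 offline, as an added example that is not Juniper's code: it audits set-format configuration lines for the security-admin class and tests the deny-commands expression against commands it is meant to block. The function names, the sample configuration and the command lists are constructed for illustration, and Python's re module is assumed to approximate the regular expression matching Junos OS applies.

```python
import re
import shlex

# Constructed sample: the procedure's statements written as set-format lines.
SAMPLE_CONFIG = r'''
set system login class security-admin permissions all
set system login class security-admin deny-commands "^clear (log|security log)|^request (security|system set-encryption-key)|^rollback|^start shell"
set system login class security-admin security-role security-administrator
set system login user security-officer uid 2003
set system login user security-officer class security-admin
'''

# Commands the deny-commands expression is meant to block (constructed list).
MUST_DENY = ["clear log messages", "clear security log", "request security",
             "request system set-encryption-key", "rollback 1", "start shell"]

def parse_class(config, name):
    """Return {statement: value} for one login class from set-format lines."""
    attrs = {}
    for line in config.strip().splitlines():
        tok = shlex.split(line)  # keeps a quoted regular expression as one token
        if tok[:5] == ["set", "system", "login", "class", name] and len(tok) >= 7:
            attrs[tok[5]] = tok[6]
    return attrs

def is_denied(pattern, command):
    # Assumption: re.search stands in for the matching Junos OS performs.
    return re.search(pattern, command) is not None

def audit(config, name="security-admin"):
    """List every deviation from the class the procedure configures."""
    attrs = parse_class(config, name)
    findings = []
    if attrs.get("security-role") != "security-administrator":
        findings.append("security-role is not security-administrator")
    pattern = attrs.get("deny-commands")
    if pattern is None:
        findings.append("deny-commands is not set")
    else:
        findings += [f"not denied: {c}" for c in MUST_DENY
                     if not is_denied(pattern, c)]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "class matches the procedure")
```

The expression anchors each alternative with ^, so it denies only the listed command prefixes; a command such as request system reboot is not matched and stays permitted by permissions all.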
     


    Published: 2013-12-10