Juniper operating system (Junos) compliance checks are bracketed in custom_item encapsulation and either CONFIG_CHECK or SHOW_CONFIG_CHECK. These are treated like any other .audit files and work for systems running Junos. The CONFIG_CHECK check consists of two or more keywords. Keywords type and description are mandatory, which are followed by one or more keywords. The check works by auditing the config in the “set” format.

The config in “set” format can be obtained by appending “display set” to the “show configuration” request. For example:

show configuration | display set

admin> show configuration | display set

set version 10.2R3.10

set system time-zone GMT

set system no-ping-record-route

set system root-authentication encrypted-password "$1$hSGSlnwfdsdfdfsdfsdf43534"