Allowing anyone to install software, without explicit privileges, creates the risk that untested or potentially malicious software will be installed on the system. This requirement applies to code changes and upgrades for all network devices. NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Configure one or more classes as shown in the example below whose users will not be permitted to add or change software installed on the router. [edit system] set login class JR_ENGINEER permissions all set login class JR_ENGINEER deny-commands '(request system software)' Note: The predefined classes operator and Read-only do not have permissions to install software.