STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:SV-204608r603261_rule
V-204608
SRG-OS-000480-GPOS-00227
RHEL-07-040600
CAT III
10
Configure the operating system to use two or more name servers for DNS resolution.
Edit the "/etc/resolv.conf" file to uncomment or add the two or more "nameserver" option lines with the IP address of local authoritative name servers. If local host resolution is being performed, the "/etc/resolv.conf" file must be empty. An empty "/etc/resolv.conf" file can be created as follows:
# echo -n > /etc/resolv.conf
And then make the file immutable with the following command:
# chattr +i /etc/resolv.conf
If the "/etc/resolv.conf" file must be mutable, the required configuration must be documented with the Information System Security Officer (ISSO) and the file must be verified by the system file integrity tool.
Determine whether the system is using local or DNS name resolution with the following command:
# grep hosts /etc/nsswitch.conf
hosts: files dns
If the DNS entry is missing from the host's line in the "/etc/nsswitch.conf" file, the "/etc/resolv.conf" file must be empty.
Verify the "/etc/resolv.conf" file is empty with the following command:
# ls -al /etc/resolv.conf
-rw-r--r-- 1 root root 0 Aug 19 08:31 resolv.conf
If local host authentication is being used and the "/etc/resolv.conf" file is not empty, this is a finding.
If the DNS entry is found on the host's line of the "/etc/nsswitch.conf" file, verify the operating system is configured to use two or more name servers for DNS resolution.
Determine the name servers used by the system with the following command:
# grep nameserver /etc/resolv.conf
nameserver 192.168.1.2
nameserver 192.168.1.3
If less than two lines are returned that are not commented out, this is a finding.
Verify that the "/etc/resolv.conf" file is immutable with the following command:
# sudo lsattr /etc/resolv.conf
----i----------- /etc/resolv.conf
If the file is mutable and has not been documented with the Information System Security Officer (ISSO), this is a finding.
V-204608
False
RHEL-07-040600
Determine whether the system is using local or DNS name resolution with the following command:
# grep hosts /etc/nsswitch.conf
hosts: files dns
If the DNS entry is missing from the host's line in the "/etc/nsswitch.conf" file, the "/etc/resolv.conf" file must be empty.
Verify the "/etc/resolv.conf" file is empty with the following command:
# ls -al /etc/resolv.conf
-rw-r--r-- 1 root root 0 Aug 19 08:31 resolv.conf
If local host authentication is being used and the "/etc/resolv.conf" file is not empty, this is a finding.
If the DNS entry is found on the host's line of the "/etc/nsswitch.conf" file, verify the operating system is configured to use two or more name servers for DNS resolution.
Determine the name servers used by the system with the following command:
# grep nameserver /etc/resolv.conf
nameserver 192.168.1.2
nameserver 192.168.1.3
If less than two lines are returned that are not commented out, this is a finding.
Verify that the "/etc/resolv.conf" file is immutable with the following command:
# sudo lsattr /etc/resolv.conf
----i----------- /etc/resolv.conf
If the file is mutable and has not been documented with the Information System Security Officer (ISSO), this is a finding.
M
2899