STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The BIND 9.x server logging configuration must be configured to generate audit records for all DoD-defined auditable events to a local file by enabling triggers for all events with a severity of info, notice, warning, error, and critical for all DNS components.

DISA Rule

SV-207541r612253_rule

Vulnerability Number

V-207541

Group Title

SRG-APP-000089-DNS-000005

Rule Version

BIND-9X-001020

Severity

CAT III

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Edit the "named.conf" file.

Add the "severity" sub statement to the "channel" statement.

Configure the "severity" sub statement to "info"

Restart the BIND 9.x process.

Check Contents

Verify the name server is configured to generate all DoD-defined audit records.

Inspect the "named.conf" file for the following:

logging {
channel channel_name {
severity info;
};
};

If a channel is not configured to log messages with the severity of info and higher, this is a finding.

Note: "info" is the lowest severity level and will automatically log all messages with a severity of "info" or higher.

Vulnerability Number

V-207541

Documentable

False

Rule Version

BIND-9X-001020

Severity Override Guidance

Verify the name server is configured to generate all DoD-defined audit records.

Inspect the "named.conf" file for the following:

logging {
channel channel_name {
severity info;
};
};

If a channel is not configured to log messages with the severity of info and higher, this is a finding.

Note: "info" is the lowest severity level and will automatically log all messages with a severity of "info" or higher.

Check Content Reference

M

Target Key

2926

Comments