STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The print-category variable for the configuration of BIND 9.x server logs must be configured to record information indicating which process generated the events.

DISA Rule

SV-207545r612253_rule

Vulnerability Number

V-207545

Group Title

SRG-APP-000097-DNS-000008

Rule Version

BIND-9X-001032

Severity

CAT III

CCI(s)

• CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.

Weight

10

Fix Recommendation

Edit the "named.conf" file.

Add the "print-category" sub statement to the "channel" statement.

Configure the "print-category" sub statement to "yes"

Restart the BIND 9.x process.

Check Contents

For each logging channel that is defined, verify that the "print-category" sub statement is listed.

Inspect the "named.conf" file for the following:

logging {
channel channel_name {
print-category yes;
};
};

If the "print-category" statement is missing, this is a finding.

If the "print-category" statement is not set to "yes", this is a finding.

Vulnerability Number

V-207545

Documentable

False

Rule Version

BIND-9X-001032

Severity Override Guidance

For each logging channel that is defined, verify that the "print-category" sub statement is listed.

Inspect the "named.conf" file for the following:

logging {
channel channel_name {
print-category yes;
};
};

If the "print-category" statement is missing, this is a finding.

If the "print-category" statement is not set to "yes", this is a finding.

Check Content Reference

M

Target Key

2926

Comments