STIGQter STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 1 Release: 8 Benchmark Date: 24 Jan 2020: The BIND 9.x server implementation must not be configured with a channel to send audit records to null.

DISA Rule

SV-87003r1_rule

Vulnerability Number

V-72379

Group Title

SRG-APP-000125-DNS-000012

Rule Version

BIND-9X-001017

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Edit the "named.conf" file.

Remove any instance of the following:

category null { null; };

Restart the BIND 9.x process.

Check Contents

Verify that the BIND 9.x server is not configured to send audit logs to the null channel.

Inspect the "named.conf" file for the following:

category null { null; }

If there is a category defined to send audit logs to the "null" channel, this is a finding.

Vulnerability Number

V-72379

Documentable

False

Rule Version

BIND-9X-001017

Severity Override Guidance

Verify that the BIND 9.x server is not configured to send audit logs to the null channel.

Inspect the "named.conf" file for the following:

category null { null; }

If there is a category defined to send audit logs to the "null" channel, this is a finding.

Check Content Reference

M

Target Key

3085

Comments