STIGQter STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 1 Release: 8 Benchmark Date: 24 Jan 2020: The core BIND 9.x server files must be owned by the root or BIND 9.x process account.

DISA Rule

SV-87101r2_rule

Vulnerability Number

V-72477

Group Title

SRG-APP-000516-DNS-000099

Rule Version

BIND-9X-001320

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the ownership of the files to the root or BIND 9.x process account.

# chown <account_name> <file>

Check Contents

Verify that the core BIND 9.x server files are owned by the root or BIND 9.x process account.

With the assistance of the DNS administrator, identify the following files:

named.conf
root hints
master zone file(s)
slave zone files(s)

Note: The name of the root hints file is defined in named.conf. Common names for the file are root.hints, named.cache, or db.cache.

If the identified files are not owned by the root or BIND 9.x process account, this is a finding.

Vulnerability Number

V-72477

Documentable

False

Rule Version

BIND-9X-001320

Severity Override Guidance

Verify that the core BIND 9.x server files are owned by the root or BIND 9.x process account.

With the assistance of the DNS administrator, identify the following files:

named.conf
root hints
master zone file(s)
slave zone files(s)

Note: The name of the root hints file is defined in named.conf. Common names for the file are root.hints, named.cache, or db.cache.

If the identified files are not owned by the root or BIND 9.x process account, this is a finding.

Check Content Reference

M

Target Key

3085

Comments