Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-72441 | BIND-9X-001112 | SV-87065r1_rule | Medium |
Description |
---|
Weak permissions of a TSIG key file could allow an adversary to modify the file, thus defeating the security objective. |
STIG | Date |
---|---|
BIND 9.x Security Technical Implementation Guide | 2017-05-26 |
Check Text ( C-72643r1_chk ) |
---|
Verify permissions assigned to the TSIG keys enforce read-write access to the key owner and deny access to group or system users: With the assistance of the DNS Administrator, determine the location of the TSIG keys used by the BIND 9.x implementation: # ls –al -rw-------. 1 named named 76 May 10 20:35 tsig-example.key If the key files are more permissive than 600, this is a finding. |
Fix Text (F-78795r1_fix) |
---|
Change the permissions of the TSIG key files: # chmod 600 |