Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-207565 | BIND-9X-001112 | SV-207565r612253_rule | Medium |
Description |
---|
Weak permissions of a TSIG key file could allow an adversary to modify the file, thus defeating the security objective. |
STIG | Date |
---|---|
BIND 9.x Security Technical Implementation Guide | 2020-12-10 |
Check Text ( C-7820r283749_chk ) |
---|
Verify permissions assigned to the TSIG keys enforce read-write access to the key owner and deny access to group or system users: With the assistance of the DNS Administrator, determine the location of the TSIG keys used by the BIND 9.x implementation: # ls –al -rw-------. 1 named named 76 May 10 20:35 tsig-example.key If the key files are more permissive than 600, this is a finding. |
Fix Text (F-7820r283750_fix) |
---|
Change the permissions of the TSIG key files: # chmod 600 |