Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-12966 | DNS4480 | SV-13534r1_rule | ECCD-1 ECCD-2 | Medium |
Description |
---|
Weak permissions could allow an intruder to view or modify zone, configuration and/or program files. |
STIG | Date |
---|---|
BIND DNS | 2013-01-10 |
Check Text ( C-9625r1_chk ) |
---|
On BIND name servers, the following permissions must be set: |
named.run - owner: root, group: dnsgroup, permissions: 660 |
named_dump.db - owner: root, group: dnsgroup, permissions: 660 |
ndc (FIFO) - owner: root, group: dnsgroup, permissions: 660 |
ndc.d (directory containing ndc) - owner: root, group: dnsgroup, permissions: 700 |
The following must be set on log files: |
any log file - owner: dnsuser, group: dnsgroup, permissions: 660 |
The following must be set on TSIG keys: |
unique to each key - owner: dnsuser, group: dnsgroup, permissions: 400 |
Fix Text (F-12412r1_fix) |
---|
The SA will ensure that the file permissions on BIND 8 files as well as the log and TSIG key files are set in accordance with the DNS STIG requirements. |
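
One way to automate the check text above, as an added shell example that is not part of the STIG: it compares the owner, group and mode of each listed file with the required values. The four directory arguments, the treatment of every regular file in the log and key directories as a log or TSIG key file, and the use of GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not STIG text): audit BIND files against the V-12966 check.
# Assumes GNU stat (-c). Directory locations are caller-supplied assumptions.

# check_perm PATH OWNER GROUP MODE: 0 = compliant or absent, 1 = mismatch.
# named.run and named_dump.db exist only after debugging or a dump, so this
# example reports an absent path without counting it as a finding.
check_perm() {
    if [ ! -e "$1" ]; then
        echo "ABSENT  $1"
        return 0
    fi
    have=$(stat -c '%U %G %a' "$1")
    want="$2 $3 $4"
    if [ "$have" = "$want" ]; then
        echo "PASS    $1 ($have)"
        return 0
    fi
    echo "FAIL    $1: have ($have), want ($want)"
    return 1
}

# audit_bind WORKDIR NDCDIR LOGDIR KEYDIR
# Leaves the number of mismatches in $findings; returns 0 only when it is 0.
audit_bind() {
    workdir=$1; ndcdir=$2; logdir=$3; keydir=$4
    findings=0
    check_perm "$workdir/named.run"     root dnsgroup 660 || findings=$((findings + 1))
    check_perm "$workdir/named_dump.db" root dnsgroup 660 || findings=$((findings + 1))
    check_perm "$ndcdir"                root dnsgroup 700 || findings=$((findings + 1))
    check_perm "$ndcdir/ndc"            root dnsgroup 660 || findings=$((findings + 1))
    # The check text lists ndc as a FIFO; flag any other file type.
    if [ -e "$ndcdir/ndc" ] && [ ! -p "$ndcdir/ndc" ]; then
        echo "FAIL    $ndcdir/ndc: not a FIFO"
        findings=$((findings + 1))
    fi
    for f in "$logdir"/*; do    # assumption: every regular file here is a log
        [ -f "$f" ] || continue
        check_perm "$f" dnsuser dnsgroup 660 || findings=$((findings + 1))
    done
    for f in "$keydir"/*; do    # assumption: every regular file here is a TSIG key
        [ -f "$f" ] || continue
        check_perm "$f" dnsuser dnsgroup 400 || findings=$((findings + 1))
    done
    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}
```

Run it as root so `stat` can read every path, for example `audit_bind WORKDIR NDCDIR LOGDIR KEYDIR` with the directories your `named` configuration actually uses.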