UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

ISC BIND is not configured to run as a dedicated non-privileged service user account.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3621 DNS4530 SV-3621r1_rule ECLP-1 Medium
Description
If an intruder gains control of named (BIND), then the intruder will acquire the privileges of the user ID under which it runs. Running as a non-privileged user account limits the extent of any breach. When BIND runs as SYSTEM (the default) intruders gain full control of the system.
STIG Date
BIND DNS 2013-01-10

Details

Check Text ( C-3443r1_chk )
The reviewer will validate ISC BIND is configured to run as a dedicated non-privileged service user account. Select the “Log On” tab of the properties of the ISC BIND service. If the ISC BIND service logs on as the “Local System account”, then this is a finding.
Fix Text (F-3552r1_fix)
The SA should create a new user account dedicated to DNS, configure it per the DNS STIG, configure the ISC BIND service to logon as the new user account, and then restart the ISC BIND Service.