Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3619 | DNS4460 | SV-3619r1_rule | ECLP-1 | Low |
Description |
---|
If an intruder gains access to a command shell, the intruder may be able to execute unauthorized commands. |
STIG | Date |
---|---|
BIND DNS | 2013-07-08 |
Check Text ( C-3464r1_chk ) |
---|
The SA should enter the following command (this command assumes that named is running as user dnsuser): grep dnsuser /etc/passwd Based on the command output, the reviewer can identify whether a shell exists for dnsuser. The shell should be /dev/null or /bin/false. If it is a legitimate shell, then this is a finding. |
Fix Text (F-3550r1_fix) |
---|
The SA should edit /etc/passwd and change the shell of the DNS user account to /bin/false, /dev/null, or an alternative producing a similar effect. |