Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3620 | DNS4470 | SV-3620r1_rule | ECCD-1 ECCD-2 | Medium |
Description |
---|
Weak permissions could allow an intruder to view or modify zone, configuration and/or program files. |
STIG | Date |
---|---|
BIND DNS STIG | 2015-10-01 |
Check Text ( C-3465r1_chk ) |
---|
Using the ls -l command from the directory containing the core BIND files, check that the permissions for the files listed are at least as restrictive as those listed: named.conf - owner: root, group: dnsgroup, permissions: 640; named.pid - owner: root, group: dnsgroup, permissions: 600; root hints - owner: root, group: dnsgroup, permissions: 640; master zone file - owner: root, group: dnsgroup, permissions: 640; slave zone file - owner: root, group: dnsgroup, permissions: 660. The name of the root hints file is defined in named.conf. Common names for the file are root.hints, named.cache, or db.cache. |
Fix Text (F-3551r1_fix) |
---|
The SA should modify permissions so that they are at least as restrictive as specified in the DNS STIG. |
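
The check above as a script: this is an added example, not part of the STIG, that compares each file's owner, group and mode against the listed values. It assumes GNU `stat`; the function names are hypothetical, and "at least as restrictive" is taken to mean "grants no permission bit beyond the listed mode".

```shell
#!/bin/sh
# Added example: audit BIND file ownership and modes against the check text.
# Assumes GNU coreutils stat (-c). All function names are hypothetical.

# mode_ok ACTUAL MAX: succeed when ACTUAL grants no permission bit beyond MAX.
# A bitwise test is needed: 604 is numerically below 640 but adds world-read.
mode_ok() {
    [ $(( 0$1 & ~0$2 & 07777 )) -eq 0 ]
}

# check_file PATH OWNER GROUP MAXMODE: print findings, return 1 on any deviation.
check_file() {
    cf_path=$1 cf_owner=$2 cf_group=$3 cf_max=$4 cf_rc=0
    if [ ! -e "$cf_path" ]; then
        echo "MISSING $cf_path"
        return 1
    fi
    # stat prints "owner group octal-mode"; split it into $1 $2 $3.
    set -- $(stat -c '%U %G %a' "$cf_path")
    [ "$1" = "$cf_owner" ] || { echo "OWNER   $cf_path: $1, want $cf_owner"; cf_rc=1; }
    [ "$2" = "$cf_group" ] || { echo "GROUP   $cf_path: $2, want $cf_group"; cf_rc=1; }
    mode_ok "$3" "$cf_max" || { echo "MODE    $cf_path: $3, max $cf_max"; cf_rc=1; }
    return $cf_rc
}

# audit_list OWNER GROUP: read "MAXMODE PATH" lines on stdin and check each file.
# Returns 1 if any listed file is missing or deviates.
audit_list() {
    al_owner=$1 al_group=$2 al_rc=0
    while read -r al_max al_path; do
        [ -n "$al_path" ] || continue
        check_file "$al_path" "$al_owner" "$al_group" "$al_max" || al_rc=1
    done
    return $al_rc
}

# Usage, run from the directory holding the core BIND files. The zone file
# names below are constructed placeholders; substitute the site's own, and
# the root hints name that named.conf actually defines.
#
#   audit_list root dnsgroup <<EOF
#   640 named.conf
#   600 named.pid
#   640 root.hints
#   640 db.example.master
#   660 db.example.slave
#   EOF
```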