Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22549 | GEN007850 | SV-45988r2_rule | ECSC-1 | Medium |
Description |
---|
Dynamic DNS updates transmit unencrypted information about a system including its name and address and should not be used unless needed. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2015-01-26 |
Check Text ( C-43270r2_chk ) |
---|
If the "dhcp-client" package is not installed, this is not applicable. Verify the DHCP client is configured to not send dynamic DNS updates. Procedure: # rpm –q dhcp-client If DHCP client is found then issue following command to determine if the DHCP client sends dynamic DNS updates: # grep do-forward-updates /etc/dhclient.conf If the DHCP client is installed and the configuration file is not present, or contains do-forward-updates = “true”, then this is a finding |
Fix Text (F-39353r1_fix) |
---|
Edit or add the "/etc/dhclient.conf" file and add or edit the "do-forward-updates" setting to false. Procedure: # echo "do-forward-updates false;" >> /etc/dhclient.conf |