4.4 Restrict Access to All Key Files - permissions

Information

The TSIG keys should be readable only by the named and root accounts. No other user accounts or groups should have read access. Note that BIND often creates a session key on startup for use by nsupdate -l. Both $BIND_HOME and $RUNDIR are included so that the session key also has the recommended permissions.

Rationale:

The secret key protects the authenticity and integrity of TSIG communications. Disclosure of a key would allow an attacker to perform authenticated operations such as rndc administrative operations, zone transfers or dynamic updates.

Solution

Perform the following for remediation:

Use the command below to find secret key files. Review the list of key files, and delete any unused or unnecessary key files. Recreate the file list after deleting any unused files.

# find $BIND_HOME $RUNDIR -type f | xargs fgrep -l secret | sort -u > $TMPDIR/key_files.txt

Change the ownership, group and permissions on the key files.

# xargs -a $TMPDIR/key_files.txt chown -R root
# xargs -a $TMPDIR/key_files.txt chgrp -R named
# xargs -a $TMPDIR/key_files.txt chmod o-r

Remove the temporary file:

# rm $TMPDIR/key_files.txt
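
An audit counterpart to the remediation above, as an added example that is not part of the benchmark text: it selects the same files and reports any that are not owned by root, not in group named, or readable by other users. It assumes GNU stat, find and grep; KEY_OWNER, KEY_GROUP and the script name audit_keys.sh are hypothetical.

```shell
#!/bin/sh
# Added example: audit counterpart to the remediation steps (not CIS text).
# Assumes GNU stat/find/grep. KEY_OWNER and KEY_GROUP are hypothetical
# overrides for the expected owner and group (defaults: root, named).

# check_key_file FILE: return 0 if FILE is compliant, 1 if not, 2 on stat error.
check_key_file() {
    file=$1
    want_owner=${KEY_OWNER:-root}
    want_group=${KEY_GROUP:-named}
    rc=0
    owner=$(stat -c %U -- "$file") || return 2
    group=$(stat -c %G -- "$file") || return 2
    mode=$(stat -c %a -- "$file") || return 2   # octal, e.g. 640

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $file: owner is $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL $file: group is $group, expected $want_group"; rc=1
    fi
    # The last octal digit holds the "other" bits; 4 is the read bit.
    if [ $(( (mode % 10) & 4 )) -ne 0 ]; then
        echo "FAIL $file: mode $mode lets other users read the key"; rc=1
    fi
    return "$rc"
}

# audit_key_files DIR...: check every regular file containing "secret".
audit_key_files() {
    failed=0
    # Same selection as the find/fgrep step, but safe for names with spaces.
    list=$(find "$@" -type f -exec grep -lF secret {} + 2>/dev/null | sort -u)
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        check_key_file "$f" || failed=1
    done <<EOF
$list
EOF
    return "$failed"
}

# Typical call (hypothetical script name): sh audit_keys.sh "$BIND_HOME" "$RUNDIR"
[ "$#" -eq 0 ] || audit_key_files "$@"
```

A non-zero exit status means at least one key file still needs the chown, chgrp or chmod step.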

Default Value:

Ownership, Group and Permissions are correct for any default key files.

See Also

https://workbench.cisecurity.org/files/2997