Information
Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on a defined frequency helps to ensure, in the event of a catastrophic system failure, the audit records will be retained.
This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.
Solution
Configure the 'logging' statement to send audit logs to the syslog daemons.
logging {
    channel <syslog_channel> {
        syslog <syslog_facility>;
    };
    category <category_name> { <syslog_channel>; };
};
Note: It is recommended to use a local syslog facility (i.e., local0 through local7) when configuring the syslog channel.
Restart the BIND 9.x process.
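One way to check a named.conf against the setting above, as an added example (not part of the original guidance or of BIND itself). The channel names, the sample configuration and the function names are constructed for illustration, and the parser assumes no comment markers appear inside quoted strings.

```python
import re

LOCAL = {f"local{i}" for i in range(8)}  # local0 through local7

# Constructed sample: one category uses a local facility, one does not.
SAMPLE = """
logging {
    channel audit_syslog {          // hypothetical channel name
        syslog local3;
        severity info;
        print-category yes;
    };
    channel debug_file { file "/var/log/named/debug.log"; };
    category default  { audit_syslog; debug_file; };
    category security { default_syslog; };
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* ... */
    return re.sub(r"(//|#).*", "", text)                # // ... and # ...

def syslog_routes(conf_text):
    """Return {category: [(channel, facility), ...]}, syslog channels only."""
    text = strip_comments(conf_text)
    # BIND's built-in default_syslog channel logs to the 'daemon' facility.
    channels = {"default_syslog": "daemon"}
    for name, body in re.findall(r'\bchannel\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', text):
        m = re.search(r"\bsyslog(?:\s+(\w+))?\s*;", body)
        if m:  # a bare 'syslog;' falls back to the daemon facility
            channels[name] = m.group(1) or "daemon"
    routes = {}
    for cat, body in re.findall(r'(?<![\w-])category\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', text):
        names = [n.strip().strip('"') for n in body.split(";") if n.strip()]
        routes[cat] = [(n, channels[n]) for n in names if n in channels]
    return routes

def findings(conf_text):
    """List problems: nothing routed to syslog, or a non-local facility in use."""
    routes = syslog_routes(conf_text)
    out = []
    if not any(routes.values()):
        out.append("no category is routed to a syslog channel")
    for cat, chans in routes.items():
        out += [f"category {cat}: channel {name} uses non-local facility {fac}"
                for name, fac in chans if fac not in LOCAL]
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)) or "logging statement sends to local syslog")
```
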