BIND-9X-001180 - The read and write access to a TSIG key file used by a BIND 9.x server must be restricted to only the account that runs the name server software.

Information

Weak permissions of a TSIG key file could allow an adversary to modify the file, thus defeating the security objective.

Solution

Change the permissions of the TSIG key files:

# chmod 640 <TSIG_key_file>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_BIND_9-x_V3R1_STIG.zip

Item Details

Audit Name: DISA BIND 9.x STIG v3r1

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(b), CAT|II, CCI|CCI-000186, Rule-ID|SV-272375r1123858_rule, STIG-ID|BIND-9X-001180, Vuln-ID|V-272375

Plugin: Unix

Control ID: feb19c3b34c2d721cd2f32d9641dc90c40e52b798b5d08a260ef472d625886fc