STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021

A BIND 9.x server implementation must be running in a chroot(ed) directory structure.

DISA Rule

SV-207532r612253_rule

Vulnerability Number

V-207532

Group Title

SRG-APP-000243-DNS-000034

Rule Version

BIND-9X-000001

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the BIND 9.x server to operate in a chroot(ed) directory structure.

Check Contents

Verify the directory structure where the primary BIND 9.x Server configuration files are stored is running in a chroot(ed) environment:

# ps -ef | grep named

named 3015 1 0 12:59 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot

If the output does not contain "-t <chroot_path>", this is a finding.
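
The check above, scripted as an added example (not part of the STIG or of STIGQter): a POSIX shell function that reads `ps -ef` output, skips the `grep named` line that the manual command also matches, and reports a finding for every named process started without `-t <chroot_path>`. The function name, output strings and exit codes are assumptions of this example; the failing sample line is constructed.

```shell
#!/bin/sh
# Added example: automates the BIND-9X-000001 check on `ps -ef` output.
# Live use:  ps -ef | check_named_chroot
# Exit codes (chosen for this example): 0 = pass, 1 = finding, 2 = named not running.

check_named_chroot() {
    awk '
    {
        # ps -ef columns: UID PID PPID C STIME TTY TIME CMD..., so the
        # executable is field 8 and its arguments start at field 9.
        n = split($8, parts, "/")
        if (parts[n] != "named") next   # skips the header, "grep named", named-checkconf
        seen = 1
        root = ""
        for (i = 9; i <= NF; i++) {
            if ($i == "-t" && i < NF) { root = $(i + 1); break }   # -t /path
            if ($i ~ /^-t\//)         { root = substr($i, 3); break } # -t/path
        }
        if (root ~ /^\//) {
            printf "PASS pid=%s chroot=%s\n", $2, root
        } else {
            printf "FINDING pid=%s no -t <chroot_path>\n", $2
            bad = 1
        }
    }
    END {
        if (!seen) { print "NOT_RUNNING no named process found"; exit 2 }
        exit (bad ? 1 : 0)
    }'
}

# Sample input: the first line is the output shown in the check text,
# the second is a constructed non-compliant process.
SAMPLE_OK='named 3015 1 0 12:59 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot'
SAMPLE_BAD='named 3016 1 0 12:59 ? 00:00:00 /usr/sbin/named -u named'
```

The function only confirms that the flag is present on the command line, which is what the check text asks for; it does not inspect the contents of the chroot directory.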

Documentable

False

Severity Override Guidance

Verify the directory structure where the primary BIND 9.x Server configuration files are stored is running in a chroot(ed) environment:

# ps -ef | grep named

named 3015 1 0 12:59 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot

If the output does not contain "-t <chroot_path>", this is a finding.

Check Content Reference

M

Target Key

2926

Comments