STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021

The BIND 9.x server software must run with restricted privileges.

DISA Rule

SV-207535r612253_rule

Vulnerability Number

V-207535

Group Title

SRG-APP-000516-DNS-000105

Rule Version

BIND-9X-001003

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the BIND 9.x process to run as a non-privileged user.

Restart the BIND 9.x process.

Check Contents

Verify the BIND 9.x process is not running as root:

# ps -ef | grep named

named 3015 1 0 12:59 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot

If the output shows "/usr/sbin/named -u root", this is a finding.
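
The check above as a script, added here as an example and not part of the STIG text. It goes one step beyond the literal "-u root" criterion and also reports a named process whose owner column is root, which is what ps shows when named is started by root without -u. The function name and the second and third sample lines are constructed; it assumes Linux "ps -ef" column order (UID PID PPID C STIME TTY TIME CMD).

```shell
#!/bin/sh
# check_named_user: read "ps -ef" style lines on stdin and print one verdict
# per named process. Exit status: 0 = no finding, 1 = finding, 2 = not running.
check_named_user() {
    awk '
    # Match the executable itself (field 8 of ps -ef), not the grep helper.
    $8 ~ /(^|\/)named$/ {
        seen = 1
        owner = $1
        uarg = "(none)"
        # Accept both "-u name" and the joined form "-uname".
        for (i = 9; i <= NF; i++) {
            if ($i == "-u" && i < NF) { uarg = $(i + 1) }
            else if ($i ~ /^-u./)     { uarg = substr($i, 3) }
        }
        if (owner == "root" || owner == "0" || uarg == "root" || uarg == "0") {
            printf "FINDING pid=%s owner=%s -u=%s\n", $2, owner, uarg
            bad = 1
        } else {
            printf "OK pid=%s owner=%s -u=%s\n", $2, owner, uarg
        }
    }
    END {
        if (!seen) { print "NOT_RUNNING"; exit 2 }
        exit bad + 0
    }'
}

# Sample input: the first line is the output shown in the check above,
# the other two lines are constructed for illustration.
SAMPLE_PS='named 3015 1 0 12:59 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot
root 3100 1 0 13:02 ? 00:00:00 /usr/sbin/named -c /etc/named.conf
root 3200 3150 0 13:05 pts/0 00:00:00 grep named'

# Demo run on the sample; on a live host use: ps -ef | check_named_user
printf '%s\n' "$SAMPLE_PS" | check_named_user || true
```
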

Documentable

False

Severity Override Guidance

Verify the BIND 9.x process is not running as root:

# ps -ef | grep named

named 3015 1 0 12:59 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot

If the output shows "/usr/sbin/named -u root", this is a finding.

Check Content Reference

M

Target Key

2926
