SV-207568r612253_rule
V-207568
SRG-APP-000231-DNS-000033
BIND-9X-001130
CAT II
10
Change the ownership of the DNSSEC keys to the account that the named process is running as.
# chown <named_process_owner> <DNSSEC_key_file>
If the server is in a classified network, this is Not Applicable.
With the assistance of the DNS Administrator, identify all of the DNSSEC keys used by the BIND 9.x implementation.
Identify the account that the "named" process is running as:
# ps -ef | grep named
named 3015 1 0 12:59 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot
With the assistance of the DNS Administrator, determine the location of the DNSSEC keys used by the BIND 9.x implementation.
# ls -al <DNSSEC_Key_Location>
-r--------. 1 named named 76 May 10 20:35 DNSSEC-example.key
If any of the DNSSEC keys are not owned by the above account, this is a finding.
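The check above as a script, added here as an example and not part of the STIG text: it reads the account from the running named process and lists every key file in the key directory that a different account owns. The function names are hypothetical, and the *.key / *.private file naming is an assumption to adjust to the site.

```shell
#!/bin/sh
# Added example, not from the STIG: audit DNSSEC key ownership for BIND 9.x.
# Assumption: key files end in .key or .private (names are site-specific).
# Usage after sourcing: audit_dnssec_keys <DNSSEC_Key_Location> "$(named_owner)"

# Print the account the running named process executes as (empty if not running).
named_owner() {
    ps -e -o user= -o comm= | awk '$2 == "named" { print $1; exit }'
}

# Print each key file under directory $1 whose owner is not account $2.
# $2 may be a user name or a numeric UID. Empty output means no finding.
keys_not_owned_by() {
    find "$1" -type f \( -name '*.key' -o -name '*.private' \) \
        ! -user "$2" -print
}

# Return 0 when every key is owned by $2, 1 on a finding, 2 on bad input.
audit_dnssec_keys() {
    key_dir=$1
    owner=$2
    if [ ! -d "$key_dir" ]; then
        echo "no such directory: $key_dir" >&2
        return 2
    fi
    if [ -z "$owner" ]; then
        # An empty owner would make the comparison meaningless, so stop here.
        echo "named account not determined" >&2
        return 2
    fi
    bad=$(keys_not_owned_by "$key_dir" "$owner") || return 2
    if [ -n "$bad" ]; then
        echo "FINDING: key files not owned by $owner:"
        echo "$bad"
        return 1
    fi
    echo "OK: all DNSSEC keys under $key_dir are owned by $owner"
    return 0
}
```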
False
M
2926