SV-207569r612253_rule
V-207569
SRG-APP-000231-DNS-000033
BIND-9X-001131
CAT II
10
Change the group ownership of the DNSSEC keys to the group of the account that the "named" process is running as.
# chgrp <named_process_group> <DNSSEC_key_file>
If the server is in a classified network, this is Not Applicable.
With the assistance of the DNS Administrator, identify all of the DNSSEC keys used by the BIND 9.x implementation.
Identify the account that the "named" process is running as:
# ps -ef | grep named
named 3015 1 0 12:59 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot
With the assistance of the DNS Administrator, determine the location of the DNSSEC keys used by the BIND 9.x implementation.
# ls -al <DNSSEC_Key_Location>
-r--------. 1 named named 76 May 10 20:35 DNSSEC-example.key
If any of the DNSSEC keys are not group owned by the above account, this is a finding.
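The check above can be scripted. The following is an added example, not part of the STIG text: it assumes GNU coreutils "stat" and procps "ps", and the function names, the DNSSEC_KEY_DIR variable and the *.key / *.private file patterns are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the group ownership of DNSSEC key files against the
# group of the account running named. Helper names are hypothetical.

# Print the primary group of the account that owns the running named process.
named_group() {
    user=$(ps -eo user=,comm= | awk '$2 == "named" { print $1; exit }')
    [ -n "$user" ] || return 1
    id -gn "$user"
}

# Report every key file in directory $1 whose group owner is not $2.
# Prints one "FINDING:" line per offending file; returns 1 if any were found.
audit_key_group() {
    key_dir=$1
    expected=$2
    rc=0
    for f in "$key_dir"/*.key "$key_dir"/*.private; do
        [ -e "$f" ] || continue   # an unmatched glob stays literal; skip it
        actual=$(stat -c '%G' "$f")
        if [ "$actual" != "$expected" ]; then
            echo "FINDING: $f group=$actual expected=$expected"
            rc=1
        fi
    done
    return $rc
}

# Runs only when DNSSEC_KEY_DIR is set, e.g.
#   DNSSEC_KEY_DIR=<DNSSEC_Key_Location> sh audit.sh
if [ -n "${DNSSEC_KEY_DIR:-}" ]; then
    grp=$(named_group) || { echo "named is not running" >&2; exit 2; }
    audit_key_group "$DNSSEC_KEY_DIR" "$grp"
fi
```

A non-zero exit status from audit_key_group corresponds to a finding under this rule.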
M
2926