BIND - TNS BIND Best Practices Audit v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: BIND - TNS BIND Best Practices Audit v1.0.0

Updated: 3/1/2021

Authority: TNS

Plugin: Unix

Revision: 1.10

Estimated Item Count: 39

File Details

Filename: TNS_BIND_Best_Practices_v1.0.0.audit

Size: 64.8 kB

MD5: 6761634a0f785931505f0671a684c1eb
SHA256: c5e9b9496d1c3b9006830607d2fd62b8af4fbead8747ad4416d4ebfa7bc72b55

Audit Items

| Description | Categories |
| --- | --- |
| 1 - Name Server Roles and Architecture | |
| 2 - Utilize a Split-Horizon Architecture | |
| 3 - Slave DNS servers | |
| 4 - Validate Name Registration Security | |
| 5 - Secure DNS service operating platform | |
| 6 - Verify Security of Forwarding Partners | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7 - Secure installation on Solaris. | |
| 8 - Run BIND as a non-root user | ACCESS CONTROL |
| 9 - Isolate BIND via chroot or Solaris Zones | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10 - RedHat bind-chroot Rpm | CONFIGURATION MANAGEMENT |
| 11 - Set permissions on BIND chroot-ed directories | CONFIGURATION MANAGEMENT |
| 12 - Restrict BIND Access with SELinux - named_disable_trans | ACCESS CONTROL |
| 12 - Restrict BIND Access with SELinux - named_write_master_zones | ACCESS CONTROL |
| 12 - Restrict BIND Access with SELinux - SELINUX | ACCESS CONTROL |
| 12 - Restrict BIND Access with SELinux - SELINUXTYPE | ACCESS CONTROL |
| 13 - Restrict BIND Access Within Solaris - data permissions | CONFIGURATION MANAGEMENT |
| 13 - Restrict BIND Access Within Solaris - log permissions | CONFIGURATION MANAGEMENT |
| 13 - Restrict BIND Access Within Solaris - named ownership | CONFIGURATION MANAGEMENT |
| 13 - Restrict BIND Access Within Solaris - named permissions | CONFIGURATION MANAGEMENT |
| 13 - Restrict BIND Access Within Solaris - tmp permissions | CONFIGURATION MANAGEMENT |
| 14 - Hide BIND Version String | SYSTEM AND COMMUNICATIONS PROTECTION |
| 15 - Restrict Recursive Queries | SYSTEM AND COMMUNICATIONS PROTECTION |
| 16 - Restrict Query Origins | SYSTEM AND COMMUNICATIONS PROTECTION |
| 17 - Restrict Access to Cache | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18 - Do not use BIND9 Views for split horizons | CONFIGURATION MANAGEMENT |
| 19 - dnssec-keygen Algorithms | |
| 20 - Include TSIG key in named.conf | SYSTEM AND COMMUNICATIONS PROTECTION |
| 21 - Restrict Zone-Transfers | SYSTEM AND COMMUNICATIONS PROTECTION |
| 22 - Use Update Policy | |
| 23 - Enable GSS-TSIG | |
| 24 - Disable dnssec-accept-expired option | CONFIGURATION MANAGEMENT |
| 25 - Ignore erroneous or unwanted traffic | SYSTEM AND COMMUNICATIONS PROTECTION |
| 26 - Ensure revision current | SYSTEM AND INFORMATION INTEGRITY |
| 27 - Remove Nameserver ID | CONFIGURATION MANAGEMENT |
| 28 - Configure a syslog channel | |
| 29 - Configure a File Channel | AUDIT AND ACCOUNTABILITY |
| 30 - Disable the HTTP Statistics Server | CONFIGURATION MANAGEMENT |
| 31 - Defend against Denial of Service Attacks | |
| 32 - Do not define a static source port | CONFIGURATION MANAGEMENT |