2.6 Set Group named or root for BIND Directories and Files

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

All the BIND directories and files should have a group of either named or root.

Rationale:

In general, the BIND directories and files default to a group of named; however, some system files may have a group of root. Examples of such system files include chroot'ed system device files. Either group root or named is accepted, as the intent is to prevent unexpected group IDs from getting inappropriate access to BIND files. Run-time directories to which BIND needs write access should have a group of named, so that write access may be granted via the group permissions.

Solution

Run the command below to change all BIND directories and files to the group named.

chgrp -R named $BIND_HOME $RUNDIR
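
A check to run before and after the chgrp above, added here as an example and not taken from the CIS benchmark or the audit plugin: it lists every path under the given directories whose group is neither named nor root. The function name and the ALLOWED_GROUPS override are hypothetical, and it assumes a Linux stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the benchmark): report BIND paths whose group
# is outside the accepted set. ALLOWED_GROUPS is a hypothetical override;
# the rule on this page is "named" or "root".

bind_group_offenders() {
    # Usage: bind_group_offenders DIR...
    # Prints "group<TAB>path" for each offender.
    # Returns 0 if clean, 1 if offenders exist, 2 on a bad argument.
    allowed="${ALLOWED_GROUPS:-named root}"

    if [ "$#" -eq 0 ]; then
        echo "usage: bind_group_offenders DIR..." >&2
        return 2
    fi

    # An unset $BIND_HOME or $RUNDIR arrives here as an empty string;
    # refuse it rather than letting find fail or scan the wrong place.
    for d in "$@"; do
        if [ -z "$d" ] || [ ! -e "$d" ]; then
            echo "missing or empty path: '$d'" >&2
            return 2
        fi
    done

    # stat prints "group:path"; group names cannot contain ':' so the
    # first colon is always the separator, even if the path has one.
    out=$(find "$@" -exec stat -c '%G:%n' {} + | awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            i = index($0, ":")
            g = substr($0, 1, i - 1)
            p = substr($0, i + 1)
            if (!(g in ok)) print g "\t" p
        }')

    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Typical call, with both variables set as in the Solution above:
#   bind_group_offenders "$BIND_HOME" "$RUNDIR"
```

An empty result with exit status 0 means every directory and file already has a group of named or root.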

Default Value:

The default rpm install has all directories and files in the BIND home and the run time directory with a group of named.

See Also

https://benchmarks.cisecurity.org/downloads/show-single/?file=bind.300

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: Unix

Control ID: aa7b962507f9b5588a837b41a2c02c42f839a488b6700a4fb9c13915e158596a