1.2 Do Not Install a Multi-Use System - systemctl

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Default server configurations often expose a wide variety of services unnecessarily increasing the risk to the system. Just because a server can perform many services doesn't mean it is wise to do so. The number of services and daemons executing on the ISC BIND DNS server should be limited to those necessary, with the DNS service being the only primary function of the server.

NOTE: Nessus has not evaluted this check. Please review the output to ensure benchmark compliance. The target system may not have have the 'systemctl' executable.

Solution

Disable all unnecessary services or move necessary primary services other than DNS to another server. Leverage the package or services manager for your OS to uninstall or disable unneeded services. On Red Hat systems, the following commands may be used to uninstall a package or disable a service:

# yum erase

# systemctl disable .service

See Also

https://benchmarks.cisecurity.org/downloads/show-single/?file=bind.300

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7

Plugin: Unix

Control ID: cdb1f208c0c3ca6fb41366ff790d506e0e65182d343939802faa87fb413e5633