BIND-9X-001112 - The read and write access to a TSIG key file used by a BIND 9.x server must be restricted to only the account that runs the name server software.

Information

Weak permissions of a TSIG key file could allow an adversary to modify the file, thus defeating the security objective.

Solution

Change the permissions of the TSIG key files:

# chmod 600 <TSIG_key_file>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_BIND_9-x_V2R3_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(b), CAT|II, CCI|CCI-000186, Rule-ID|SV-207565r879613_rule, STIG-ID|BIND-9X-001112, STIG-Legacy|SV-87065, STIG-Legacy|V-72441, Vuln-ID|V-207565

Plugin: Unix

Control ID: f2590ce825b8f93c2c815554e671f48e5fdc5f9fc1d88f376980620377179c53