BIND-9X-001110 - The TSIG keys used with the BIND 9.x implementation must be owned by a privileged account.

Information

Incorrect ownership of a TSIG key file could allow an adversary to modify the file, thus defeating the security objective.

Solution

Change the ownership of the TSIG keys to the account the named process is running as.

# chown <named_process_owner> <TSIG_key_file>
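
To confirm the result of the chown above, the following added example (not part of the STIG or the audit file) compares each TSIG key file's owner with the account the named process runs as. The function names and the key path in the usage comment are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit TSIG key file ownership against the named account.
# Function names and sample paths are illustrative assumptions.

# Print the account the running named process belongs to (empty if none).
named_owner() {
    ps -eo user=,comm= | awk '$2 == "named" { print $1; exit }'
}

# Print the owning user of a file, following symlinks.
# GNU stat syntax first, BSD stat syntax as fallback.
file_owner() {
    stat -L -c '%U' "$1" 2>/dev/null || stat -L -f '%Su' "$1" 2>/dev/null
}

# check_tsig_owner <expected_owner> <key_file>...
# Prints one PASS/FAIL line per file; returns the number of failing files.
check_tsig_owner() {
    expected=$1
    shift
    failures=0
    for key in "$@"; do
        if [ ! -f "$key" ]; then
            echo "FAIL $key: not a regular file"
            failures=$((failures + 1))
            continue
        fi
        owner=$(file_owner "$key") || owner=
        if [ "$owner" = "$expected" ]; then
            echo "PASS $key: owned by $owner"
        else
            echo "FAIL $key: owned by ${owner:-unknown}, expected $expected"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Usage (hypothetical key path):
#   check_tsig_owner "$(named_owner)" /etc/named/tsig.key
```

A non-zero return value is the count of key files that still need the chown.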

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_BIND_9-x_V2R3_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(b), CAT|II, CCI|CCI-000186, Rule-ID|SV-207563r879613_rule, STIG-ID|BIND-9X-001110, STIG-Legacy|SV-87061, STIG-Legacy|V-72437, Vuln-ID|V-207563

Plugin: Unix

Control ID: 9b4cb233268aa929b29b3061696769eaa517aecf30c92ba4b8b478ba1d2ffba6