Ensure BIND Processes Run in the named_t Confined Context Type
Details: SELinux includes customizable targeted policies that may be used to confine the BIND named server to enforce least privileges...

Ensure Only the Necessary SELinux Booleans are Enabled
Details: SELinux booleans allow or disallow specific behaviors. There are two boolean variables specific to the ISC BIND DNS server:...

Ensure SELinux Is Enabled in Enforcing Mode – config file
Details: SELinux (Security-Enhanced Linux) is a Linux kernel security module that provides mandatory access control security policies with type enforcement...

Ensure SELinux Is Enabled in Enforcing Mode – current mode
Details: SELinux (Security-Enhanced Linux) is a Linux kernel security module that provides mandatory access control security policies with type enforcement...

Ensure the named_t Process Type is Not in Permissive Mode
Details: In addition to setting the entire SELinux configuration in permissive mode, it is possible to set individual process types...

Isolate BIND with chroot’ed Subdirectory
Details: The chroot() system call causes an application to run with limited file system access so that a subdirectory becomes...

Use Secure Upstream Caching DNS Servers
Details: Caching name servers often forward queries to another caching name server to allow the name service work to be...