BIND-9X-000001 – A BIND 9.x server implementation must be running in a chroot(ed) directory structure. Details: With any network service, there is the potential that an attacker can exploit a vulnerability within the program that...
BIND-9X-001000 – A BIND 9.x server implementation must be operating on a Current-Stable version as defined by ISC. Details: The BIND STIG was written to incorporate capabilities and features provided in BIND version 9.9.x. However, it is recognized...
BIND-9X-001002 – The platform on which the name server software is hosted must only run processes and services needed to support the BIND 9.x implementation. Details: Hosts that run the name server software should not provide any other services. Unnecessary services running on the DNS...
BIND-9X-001003 – The BIND 9.x server software must run with restricted privileges. Details: Failure to provide logical access restrictions associated with changes to application configuration may have significant effects on the overall...
BIND-9X-001030 – The print-severity variable for the configuration of BIND 9.x server logs must be configured to produce audit records containing information to establish what type of events occurred. Details: Auditing and logging are key components of any security architecture. It is essential for security personnel to know what...
BIND-9X-001031 – The print-time variable for the configuration of BIND 9.x server logs must be configured to establish when (date and time) the events occurred. Details: Without establishing when events occurred, it is impossible to establish, correlate, and investigate the events relating to an incident....
BIND-9X-001032 – The print-category variable for the configuration of BIND 9.x server logs must be configured to record information indicating which process generated the events. Details: Without establishing where events occurred, it is impossible to establish, correlate, and investigate the events relating to an incident....
BIND-9X-001040 – The BIND 9.x server implementation must be configured with a channel to send audit records to a remote syslog – named syslog. Details: Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to...
BIND-9X-001040 – The BIND 9.x server implementation must be configured with a channel to send audit records to a remote syslog – rsyslog/syslog. Details: Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to...
BIND-9X-001004 – The host running a BIND 9.x implementation must implement a set of firewall rules that restrict traffic on the DNS interface – drop. Details: Configuring hosts that run a BIND 9.x implementation to only accept DNS traffic on a DNS interface allows a...