The read and write access to a TSIG key file used by a BIND 9.x server must be restricted to only the account that runs the name server software.

An XCCDF Rule

Description

Weak permissions of a TSIG key file could allow an adversary to modify the file, thus defeating the security objective.

ID: SV-207565r879613_rule
Severity: Medium
References: CCI-000186
Updated: about 7 hours ago

Remediation Templates

Change the permissions of the TSIG key files:

# chmod 600 <TSIG_key_file>