From BIND 9.x Security Technical Implementation Guide
Part of SRG-APP-000231-DNS-000033
Associated with: CCI-001199
Information at rest refers to the state of information when it is located on a secondary storage device within an organizational information system. Mobile devices, laptops, desktops, and storage devices can be either lost or stolen, and the contents of their data storage (e.g., hard drives and non-volatile memory) can be read, copied, or altered. Applications and application users generate information throughout the course of their application use.
If the server is in a classified network, this is Not Applicable.
With the assistance of the DNS Administrator, identify all of the DNSSEC keys used by the BIND 9.x implementation.
Identify the account that the "named" process is running as:
# ps -ef | grep named
named 3015 1 0 12:59 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot
With the assistance of the DNS Administrator, determine the location of the DNSSEC keys used by the BIND 9.x implementation.
# ls –al
Change the group ownership of the DNSSEC keys to the named process is running as.
# chgrp
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer