Fli
09-10-2014, 06:21 PM
After running Lynis (Linux security auditing tool), it said I'm exposing my BIND version number, so here is what worked to hide it:
lynis warning:
Found BIND version in banner [NAME-4210]
http://cisofy.com/controls/NAME-4210/
Command to test/check the BIND version of a nameserver:
nslookup -type=txt -class=chaos version.bind ns1.yourdomain.com
example output:
version.bind text = "9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1"
How to fix, hide the BIND version number?
edit file:
vi /etc/named.conf
Add this line:
version "Not disclosed";
into:
options {
};
Example I have:
options {
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
pid-file "/var/run/named/named.pid";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
allow-transfer {"none";};
version "Not disclosed";
};
then restarted bind (named service):
rhel:
service named restart
deb:
/etc/init.d/named restart ?
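
A way to confirm the change took effect, as an added example that is not part of the original post: it checks that named.conf sets version inside the options block and that the version.bind answer no longer contains a version number. The function names and the script file name are hypothetical, and it assumes one directive per line as in the example config above.

```shell
#!/bin/sh
# Added example (not from the original post): verify the version.bind fix.
# Assumes one directive per line in named.conf, as in the post's example.

# Pull the quoted TXT value out of nslookup/dig output read from stdin.
extract_banner() {
    sed -n 's/.*version\.bind[^"]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Return 0 if the banner text still contains something shaped like a
# version number (e.g. 9.8.2), 1 otherwise.
leaks_version() {
    printf '%s\n' "$1" | grep -Eq '[0-9]+\.[0-9]+'
}

# Return 0 if FILE sets version "..." directly inside options { ... };
# commented-out lines and nested blocks such as allow-transfer are ignored.
conf_has_version_override() {
    awk '
        /^[ \t]*(\/\/|#)/ { next }
        /^[ \t]*options[ \t]*[{]/ { in_opts = 1; depth = 0 }
        in_opts {
            if (depth == 1 && $0 ~ /^[ \t]*version[ \t]+"/) found = 1
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0) in_opts = 0
        }
        END { exit !found }
    ' "$1"
}

# Query a live nameserver with the command from the post and report.
check_server() {
    banner=$(nslookup -type=txt -class=chaos version.bind "$1" 2>/dev/null | extract_banner)
    if leaks_version "$banner"; then
        echo "DISCLOSED: $banner"; return 1
    fi
    echo "no version number in banner: ${banner:-<no answer>}"
}

# Usage (hypothetical file name):
#   sh check_bind_banner.sh ns1.yourdomain.com [/etc/named.conf]
if [ "$#" -ge 1 ]; then
    conf_has_version_override "${2:-/etc/named.conf}" || echo "no version override in options block"
    check_server "$1"
fi
```

Run it after restarting named; the config check alone does not show what the running server answers.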