Check: UBTU-20-010413
Canonical Ubuntu 20.04 LTS STIG:
UBTU-20-010413
(in versions v1 r12 through v1 r1)
Title
The Ubuntu operating system must disable kernel core dumps so that it can fail to a secure state if system initialization fails, shutdown fails or aborts fail. (Cat II impact)
Discussion
Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition.
Check Content
Verify that kernel core dumps are disabled unless needed. Check if "kdump" service is active with the following command: $ systemctl is-active kdump.service inactive If the "kdump" service is active, ask the SA if the use of the service is required and documented with the ISSO. If the service is active and is not documented, this is a finding.
Fix Text
If kernel core dumps are not required, disable the "kdump" service with the following command: $ sudo systemctl disable kdump.service If kernel core dumps are required, document the need with the ISSO.
Additional Identifiers
Rule ID: SV-238334r654177_rule
Vulnerability ID: V-238334
Group Title: SRG-OS-000184-GPOS-00078
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001190 |
The information system fails to an organization-defined known-state for organization-defined types of failures. |
Controls
Number | Title |
---|---|
SC-24 |
Fail In Known State |