Check: RIIM-OS-213015
Riverbed NetIM OS STIG:
RIIM-OS-213015
(in version v1 r1)
Title
Ubuntu OS must disable kernel core dumps. (Cat II impact)
Discussion
Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition.
Check Content
Verify kernel core dumps are disabled with the following command: $ systemctl is-active kdump.service inactive If the "kdump" service is active, ask the system administrator (SA) if the use of the service is required and documented with the information system security officer (ISSO). If the service is active, this is a finding.
Fix Text
Disable the "kdump" service with the following command: $ sudo systemctl disable kdump.service If kernel core dumps are required, document the need with the ISSO.
Additional Identifiers
Rule ID: SV-275568r1148289_rule
Vulnerability ID: V-275568
Group Title: SRG-OS-000184-GPOS-00078
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001190 |
Fail to an organization-defined known-system state for the list of organization-defined types of system failures on organization-defined system components on the indicated components while preserving organization-defined system state information in failure. |
Controls
| Number | Title |
|---|---|
| SC-24 |
Fail in Known State |