Title

The Red Hat Enterprise Linux operating system must disable Kernel core dumps unless needed. (Cat II impact)

Discussion

Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition.

Check Content

Verify that kernel core dumps are disabled unless needed. Check the status of the "kdump" service with the following command: # systemctl status kdump.service kdump.service - Crash recovery kernel arming Loaded: loaded (/usr/lib/systemd/system/kdump.service; enabled) Active: active (exited) since Wed 2015-08-26 13:08:09 EDT; 43min ago Main PID: 1130 (code=exited, status=0/SUCCESS) kernel arming. If the "kdump" service is active, ask the System Administrator if the use of the service is required and documented with the Information System Security Officer (ISSO). If the service is active and is not documented, this is a finding.

Fix Text

If kernel core dumps are not required, disable the "kdump" service with the following command: # systemctl disable kdump.service If kernel core dumps are required, document the need with the ISSO.

Additional Identifiers

Rule ID: SV-204492r991589_rule

Vulnerability ID: V-204492

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.