Check: RHEL-08-010670
RHEL 8 STIG:
RHEL-08-010670
(in versions v2 r1 through v1 r1)
Title
RHEL 8 must disable kernel dumps unless needed. (Cat II impact)
Discussion
Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition. RHEL 8 installation media presents the option to enable or disable the kdump service at the time of system installation.
Check Content
Verify that kernel core dumps are disabled unless needed with the following command: $ sudo systemctl status kdump.service kdump.service - Crash recovery kernel arming Loaded: loaded (/usr/lib/systemd/system/kdump.service; enabled; vendor preset: enabled) Active: active (exited) since Mon 2020-05-04 16:08:09 EDT; 3min ago Main PID: 1130 (code=exited, status=0/SUCCESS) If the "kdump" service is active, ask the System Administrator if the use of the service is required and documented with the Information System Security Officer (ISSO). If the service is active and is not documented, this is a finding.
Fix Text
If kernel core dumps are not required, disable the "kdump" service with the following command: # systemctl disable kdump.service If kernel core dumps are required, document the need with the ISSO.
Additional Identifiers
Rule ID: SV-230310r1017120_rule
Vulnerability ID: V-230310
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |