Check: RHEL-09-213115
RHEL 9 STIG:
RHEL-09-213115
(in versions v1 r3 through v1 r1)
Title
The kdump service on RHEL 9 must be disabled. (Cat II impact)
Discussion
Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition. Unless the system is used for kernel development or testing, there is little need to run the kdump service.
Check Content
Verify that the kdump service is disabled in system boot configuration with the following command: $ systemctl is-enabled kdump disabled Verify that the kdump service is not active (i.e., not running) through current runtime configuration with the following command: $ systemctl is-active kdump inactive Verify that the kdump service is masked with the following command: $ sudo systemctl show kdump | grep "LoadState\|UnitFileState" LoadState=masked UnitFileState=masked If the "kdump" service is loaded or active, and is not masked, this is a finding.
Fix Text
Disable and mask the kdump service on RHEL 9. To disable the kdump service run the following command: $ sudo systemctl disable --now kdump To mask the kdump service run the following command: $ sudo systemctl mask --now kdump
Additional Identifiers
Rule ID: SV-257818r925441_rule
Vulnerability ID: V-257818
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |