The kdump service on AlmaLinux OS 9 must be disabled.

STIG ID: ALMA-09-022350  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-269278

Vulnerability Discussion

Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition.

Unless the system is used for kernel development or testing, there is little need to run the kdump service.

Check

Verify that the kdump service is disabled in system boot configuration with the following command:

$ systemctl is-enabled kdump

masked

Verify that the kdump service is not active (i.e., not running) through current runtime configuration with the following command:

$ systemctl is-active kdump

inactive

Verify that the kdump service is masked with the following command:

$ systemctl show kdump | grep "LoadState\|UnitFileState"

LoadState=masked
UnitFileState=masked

If the "kdump" service is loaded or active, and is not masked, this is a finding.

Fix

Disable the kdump service with the following command:

$ systemctl mask --now kdump
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.