Kernel core dumps must be disabled unless needed.

STIG ID: UBTU-18-010505  |  SRG: SRG-OS-000184-GPOS-00078 | Severity: medium |  CCI: CCI-001190

Vulnerability Discussion

Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition.

Check

Verify that kernel core dumps are disabled unless needed.

Check if "kdump" service is active with the following command:

# systemctl is-active kdump.service
inactive

If the "kdump" service is active, ask the System Administrator if the use of the service is required and documented with the Information System Security Officer (ISSO).

If the service is active and is not documented, this is a finding.

Fix

If kernel core dumps are not required, disable the "kdump" service with the following command:

# systemctl disable kdump.service

If kernel core dumps are required, document the need with the Information System Security Officer (ISSO).
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.