STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

V-269278

CAT II (Medium)

The kdump service on AlmaLinux OS 9 must be disabled.

Rule ID

SV-269278r1050160_rule

STIG

Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

Version

V1R6

CCIs

CCI-000366

Discussion

Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition. Unless the system is used for kernel development or testing, there is little need to run the kdump service.

Check Content

Verify that the kdump service is disabled in system boot configuration with the following command:

$ systemctl is-enabled  kdump  

masked 

Verify that the kdump service is not active (i.e., not running) through current runtime configuration with the following command:

$ systemctl is-active kdump 

inactive 

Verify that the kdump service is masked with the following command:

$ systemctl show  kdump  | grep "LoadState\|UnitFileState" 

LoadState=masked 
UnitFileState=masked 

If the "kdump" service is loaded or active, and is not masked, this is a finding.

Fix Text

Disable the kdump service with the following command:

$ systemctl mask --now kdump