← Back to SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide

V-261270

CAT II (Medium)

SLEM 5 kernel core dumps must be disabled unless needed.

Rule ID

SV-261270r996860_rule

STIG

SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide

Version

V1R4

CCIs

CCI-000366

Discussion

Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service (DoS) by exhausting the available space on the target file system partition.

Check Content

Verify that SLEM 5 kernel core dumps are disabled unless needed with the following command:

     > systemctl status kdump.service
     kdump.service - Load kdump kernel and initrd
          Loaded: loaded (/usr/lib/systemd/system/kdump.service; disabled; vendor preset: disabled)
          Active: inactive (dead)

If "kdump.service" is active, ask the system administrator if the use of the service is required and documented with the information system security officer (ISSO).

If the service is active and is not documented, this is a finding.

Fix Text

If SLEM 5 kernel core dumps are not required, disable the "kdump" service with the following command:

     > sudo systemctl disable kdump.service

If kernel core dumps are required, document the need with the ISSO.