← Back to Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide

V-270746

CAT II (Medium)

Ubuntu 24.04 LTS must disable kernel core dumps.

Rule ID

SV-270746r1155242_rule

STIG

Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-001190

Discussion

Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition.

Check Content

Verify kernel core dumps are disabled unless needed with the following command: 
 
$ systemctl status kdump-tools.service
o kdump-tools.service
     Loaded: masked (Reason: Unit kdump-tools.service is masked.)
     Active: inactive (dead)

If kdump-tools is not installed the output will be:
Unit kdump-tools.service could not be found.

If "kdump-tools.service" is not masked and inactive, ask the system administrator (SA) if the use of the service is required and documented with the information system security officer (ISSO).

If the service is active and is not documented, this is a finding.

Fix Text

If kernel core dumps are not required, disable the "kdump-tools" service with the following command: 
 
$ sudo systemctl disable kdump-tools.service
 
If kernel core dumps are required, document the need with the ISSO.