Bug
Resolution: Unresolved
rhel-8.10
rhel-sst-security-compliance
ssg_security
The following openscap failures are reported on a system with core dumps entirely disabled by setting "kernel.core_pattern = |/bin/false":
- xccdf_org.ssgproject.content_rule_service_systemd-coredump_disabled complains that the systemd-coredump.socket is not masked
- xccdf_org.ssgproject.content_rule_coredump_disable_backtraces complains that coredump.conf does not set ProcessSizeMax=0
- xccdf_org.ssgproject.content_rule_coredump_disable_storage complains that coredump.conf does not set Storage=none

However, since the system has core dumps disabled entirely, all of these are not applicable.
# sysctl kernel.core_pattern
kernel.core_pattern = |/bin/false
We believe these rules should be treated as "notapplicable" if core dumps are disabled by setting core_pattern to "|/bin/false".
Steps to Reproduce:
1. Disable coredumps in /etc/sysctl.d/*.conf
   [root@R8 ~]# cat /etc/sysctl.d/99-z-coredump.conf
   kernel.core_pattern = |/bin/false
   [root@R8 ~]# sysctl kernel.core_pattern
   kernel.core_pattern = |/bin/false
2. Execute scan:
   # oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_stig --results /tmp/stig-result.xml --report /tmp/stig-report.html --stig-viewer /tmp/stig-viewer.xml /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
3. Failures for various coredump rules appear:
   Disable Core Dumps: 3x fail
   - Disable acquiring, saving, and processing core dumps: medium, fail
   - Disable core dump backtraces: medium, fail
   - Disable storing core dump: medium, fail
   - Disable Core Dumps for All Users: medium, pass
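
An added example, not part of the original report and not OpenSCAP or SSG code: a pre-scan check that resolves which sysctl.d drop-in sets kernel.core_pattern at boot, compares it with the live value, and lists the three reported rules only when both send dumps to a handler that discards them. The function names, the three-directory search list and the sample file contents are assumptions of this example.

```python
import os

# Rule IDs copied from the report above.
COREDUMP_RULES = [
    "xccdf_org.ssgproject.content_rule_service_systemd-coredump_disabled",
    "xccdf_org.ssgproject.content_rule_coredump_disable_backtraces",
    "xccdf_org.ssgproject.content_rule_coredump_disable_storage",
]
# Earlier directories mask same-named files in later ones (sysctl.d ordering).
DIR_PRIORITY = ["/etc/sysctl.d", "/run/sysctl.d", "/usr/lib/sysctl.d"]

def persistent_core_pattern(files):
    """files maps path -> text. Returns (value, path) of the setting that wins."""
    chosen = {}
    for path in sorted(files, key=lambda p: DIR_PRIORITY.index(os.path.dirname(p)), reverse=True):
        chosen[os.path.basename(path)] = path   # higher-priority dir overwrites
    winner = (None, None)
    for name in sorted(chosen):                 # lexical order, last match wins
        for line in files[chosen[name]].splitlines():
            key, sep, value = line.strip().partition("=")
            key = key.strip().lstrip("-").replace("/", ".")
            if sep and key == "kernel.core_pattern":   # comment lines never match
                winner = (value.strip(), chosen[name])
    return winner

def handler(pattern):
    """Classify a core_pattern: 'file', 'systemd-coredump', 'discard' or 'pipe'."""
    if not pattern.startswith("|"):
        return "file"                           # kernel writes the core file itself
    argv = pattern[1:].split()
    program = os.path.basename(argv[0]) if argv else ""
    if program == "systemd-coredump":
        return "systemd-coredump"
    # Assumption of this example: false/true never read the piped dump.
    return "discard" if program in ("false", "true") else "pipe"

def rules_made_moot(runtime, files):
    """Rules that only tune systemd-coredump when it is never handed a dump."""
    persistent, _ = persistent_core_pattern(files)
    if persistent is None or runtime != persistent:
        return []                               # boot-time and live values disagree
    return COREDUMP_RULES if handler(runtime) == "discard" else []

# Constructed sample input, not taken from a real host.
SAMPLE = {
    "/usr/lib/sysctl.d/50-coredump.conf":
        "kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e\n",
    "/etc/sysctl.d/99-z-coredump.conf": "kernel.core_pattern = |/bin/false\n",
}
```

An empty result means the three failures still need remediation or review, for example when the drop-in exists but the running kernel value has not been reloaded.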