STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide, Version: 1, Release: 13, Benchmark Date: 26 Oct 2018

The kernel core dump data directory must be group-owned by root, bin, sys, or system.

DISA Rule

SV-64431r1_rule

Vulnerability Number

V-22405

Group Title

GEN003521

Rule Version

GEN003521

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Change the group-owner of the kernel core dump data directory.

# chgrp root <kernel core dump data directory>

Check Contents

Determine the kernel core dump data directory and check its ownership.

Procedure:
Examine /etc/kdump.conf. The "path" parameter, which defaults to /var/crash, determines the path relative to the crash dump device. The crash device is specified with a filesystem type and device, such as "ext3 /dev/sda2". Using this information, determine where this path is currently mounted on the system.

# ls -ld <kernel dump data directory>

If the directory is not group-owned by root, bin, sys, or system, this is a finding.
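
An added example (not part of the STIG text or of STIGQter) that automates the check above: it reads the "path" parameter from a kdump.conf-style file, joins it to the mount point of the crash dump device, and tests the group owner reported by ls -ld. The function names and the mount-point argument are assumptions; the administrator still determines the mount point as the procedure describes.

```shell
#!/bin/sh
# Added example: automates the GEN003521 group-ownership check.
# Usage: sh check_kdump_group.sh /etc/kdump.conf [MOUNTPOINT]   (script name is hypothetical)

# Print the effective "path" value from a kdump.conf-style file.
# The last uncommented "path" directive wins; the default is /var/crash.
kdump_path() {
    [ -r "$1" ] || { echo /var/crash; return 0; }
    awk '$1 == "path" && NF >= 2 { p = $2 }
         END { print (p == "" ? "/var/crash" : p) }' "$1"
}

# Succeed only for the group names the rule accepts.
group_allowed() {
    case "$1" in
        root|bin|sys|system) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the group owner of a directory (field 4 of `ls -ld`).
dir_group() {
    ls -ld "$1" 2>/dev/null | awk '{ print $4 }'
}

# check_dump_dir CONF [MOUNTPOINT]
# MOUNTPOINT (assumption) is where the crash dump device is mounted; default "/".
# Returns 0 = not a finding, 1 = finding, 2 = directory not found.
check_dump_dir() {
    mount="${2:-/}"
    dir="${mount%/}$(kdump_path "$1")"
    if [ ! -d "$dir" ]; then echo "NOT FOUND: $dir"; return 2; fi
    grp=$(dir_group "$dir")
    if group_allowed "$grp"; then
        echo "OK: $dir is group-owned by $grp"; return 0
    fi
    echo "FINDING: $dir is group-owned by $grp"; return 1
}

# Run the check only when a configuration file is given on the command line.
if [ $# -ge 1 ]; then check_dump_dir "$@"; fi
```

A non-zero exit status of 1 corresponds to a finding; 2 means the resolved directory does not exist, which usually indicates the wrong mount point was supplied.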

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments