Skip to content

Uninstall Automatic Bug Reporting Tool (abrt)

An XCCDF Rule

Description

The Automatic Bug Reporting Tool (abrt) collects and reports crash data when an application crash is detected. Using a variety of plugins, abrt can email crash reports to system administrators, log crash reports to files, or forward crash reports to a centralized issue tracking system such as RHTSupport. The abrt package can be removed with the following command:

$ sudo yum erase abrt

Rationale

Mishandling crash data could expose sensitive information about vulnerabilities in software executing on the system, as well as sensitive information from within a process's address space or registers.

ID
xccdf_org.ssgproject.content_rule_package_abrt_removed
Severity
Medium
References
Updated



Remediation - Anaconda Pre-Install Instructions


package --remove=abrt

Remediation - Ansible

- name: Ensure abrt is removed
  package:
    name: abrt
    state: absent
  tags:
  - DISA-STIG-RHEL-08-040001

Remediation - Puppet

include remove_abrt

class remove_abrt {
  package { 'abrt':
    ensure => 'purged',
  }

Remediation - Shell Script


# CAUTION: This remediation script will remove abrt
#	   from the system, and may remove any packages
#	   that depend on abrt. Execute this
#	   remediation AFTER testing on a non-production
#	   system!