Skip to content

Disable Quota Netlink (quota_nld)

An XCCDF Rule

Description

The quota_nld service provides notifications to users of disk space quota violations. It listens to the kernel via a netlink socket for disk quota violations and notifies the appropriate user of the violation using D-Bus or by sending a message to the terminal that the user has last accessed. The quota_nld service can be disabled with the following command:

$ sudo systemctl mask --now quota_nld.service

Rationale

If disk quotas are enforced on the local system, then the quota_nld service likely provides useful functionality and should remain enabled. However, if disk quotas are not used or user notification of disk quota violation is not desired then there is no need to run this service.

ID
xccdf_org.ssgproject.content_rule_service_quota_nld_disabled
Severity
Low
References
Updated



Remediation - OS Build Blueprint


[customizations.services]
disabled = ["quota_nld"]

Remediation - Puppet

include disable_quota_nld

class disable_quota_nld {
  service {'quota_nld':
    enable => false,
    ensure => 'stopped',

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'quota_nld.service'
"$SYSTEMCTL_EXEC" disable 'quota_nld.service'

Remediation - Kubernetes Patch

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition:
      version: 3.1.0

Remediation - Ansible

- name: Block Disable service quota_nld
  block:

  - name: Disable service quota_nld
    block: