Disable Quota Netlink (quota_nld)
An XCCDF Rule
Description
The quota_nld
service provides notifications to
users of disk space quota violations. It listens to the kernel via a netlink
socket for disk quota violations and notifies the appropriate user of the
violation using D-Bus or by sending a message to the terminal that the user has
last accessed.
The quota_nld
service can be disabled with the following command:
$ sudo systemctl mask --now quota_nld.service
Rationale
If disk quotas are enforced on the local system, then the
quota_nld
service likely provides useful functionality and should
remain enabled. However, if disk quotas are not used or user notification of
disk quota violation is not desired then there is no need to run this
service.
- ID
- xccdf_org.ssgproject.content_rule_service_quota_nld_disabled
- Severity
- Low
- References
- Updated
Remediation - OS Build Blueprint
[customizations.services]
disabled = ["quota_nld"]
Remediation - Puppet
include disable_quota_nld
class disable_quota_nld {
service {'quota_nld':
enable => false,
ensure => 'stopped',
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'quota_nld.service'
"$SYSTEMCTL_EXEC" disable 'quota_nld.service'
Remediation - Kubernetes Patch
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
config:
ignition:
version: 3.1.0
Remediation - Ansible
- name: Block Disable service quota_nld
block:
- name: Disable service quota_nld
block: