Disable /dev/kmem virtual device support

An XCCDF Rule

Details
Profiles
Prose

Description

Disable support for the /dev/kmem device. The configuration that was used to build kernel is available at /boot/config-*. To check the configuration value for CONFIG_DEVKMEM, run the following command: grep CONFIG_DEVKMEM /boot/config-* Configs with value 'n' are not explicitly set in the file, so either commented lines or no lines should be returned.

warning alert: Warning

There is no remediation for this besides re-compiling the kernel with the appropriate value for the config.

Rationale

The /dev/kmem device is rarely used, but can be used for certain kind of kernel debugging operations.

ID: xccdf_org.ssgproject.content_rule_kernel_config_devkmem
Severity: Low
References: BP28(R15)
Updated: about 1 year ago