Disable kexec system call

An XCCDF Rule

Details
Profiles
Prose

Description

kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot but it is independent of the system firmware. And like a reboot you can start any kernel with it, not just Linux. The configuration that was used to build kernel is available at /boot/config-*. To check the configuration value for CONFIG_KEXEC, run the following command: grep CONFIG_KEXEC /boot/config-* Configs with value 'n' are not explicitly set in the file, so either commented lines or no lines should be returned.

warning alert: Warning

There is no remediation for this besides re-compiling the kernel with the appropriate value for the config.

Rationale

Prohibits the execution of a new kernel image after reboot.

ID: xccdf_org.ssgproject.content_rule_kernel_config_kexec
Severity: Low
References: BP28(R23)
Updated: about 1 year ago