Uninstall Automatic Bug Reporting Tool (abrt)
An XCCDF Rule
Description
The Automatic Bug Reporting Tool (abrt
) collects
and reports crash data when an application crash is detected. Using a variety
of plugins, abrt can email crash reports to system administrators, log crash
reports to files, or forward crash reports to a centralized issue tracking
system such as RHTSupport.
The abrt
package can be removed with the following command:
$ sudo yum erase abrt
Rationale
Mishandling crash data could expose sensitive information about vulnerabilities in software executing on the system, as well as sensitive information from within a process's address space or registers.
- ID
- xccdf_org.ssgproject.content_rule_package_abrt_removed
- Severity
- Medium
- References
- Updated
Remediation - Anaconda Pre-Install Instructions
package --remove=abrt
Remediation - Ansible
- name: Ensure abrt is removed
package:
name: abrt
state: absent
tags:
- CCE-81040-8
Remediation - Puppet
include remove_abrt
class remove_abrt {
package { 'abrt':
ensure => 'purged',
}
Remediation - Shell Script
# CAUTION: This remediation script will remove abrt
# from the system, and may remove any packages
# that depend on abrt. Execute this
# remediation AFTER testing on a non-production
# system!