Skip to content

Disable Apport Service

An XCCDF Rule

Description

The Apport modifies certain kernel configuration values at runtime which may decrease the overall security of the system and expose sensitive data. The apport service can be disabled with the following command:

$ sudo systemctl mask --now apport.service

Rationale

The Apport service modifies the kernel fs.suid_dumpable configuration at runtime which prevents other hardening from being persistent. Disabling the service prevents this behavior.

ID
xccdf_org.ssgproject.content_rule_service_apport_disabled
Severity
Unknown
Updated



Remediation - Kubernetes Patch

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition:
      version: 3.1.0

Remediation - OS Build Blueprint


[customizations.services]
disabled = ["apport"]

Remediation - Puppet

include disable_apport

class disable_apport {
  service {'apport':
    enable => false,
    ensure => 'stopped',

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if dpkg-query --show --showformat='${db:Status-Status}\n' 'apport' 2>/dev/null | grep -q installed; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'apport.service'
"$SYSTEMCTL_EXEC" disable 'apport.service'

Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - disable_strategy
  - low_complexity