Disable Apport Service
An XCCDF Rule
Description
The Apport modifies certain kernel configuration values at
runtime which may decrease the overall security of the system and expose sensitive data.
The apport
service can be disabled with the following command:
$ sudo systemctl mask --now apport.service
Rationale
The Apport service modifies the kernel
fs.suid_dumpable
configuration at runtime which
prevents other hardening from being persistent. Disabling the
service prevents this behavior.
- ID
- xccdf_org.ssgproject.content_rule_service_apport_disabled
- Severity
- Unknown
- Updated
Remediation - Kubernetes Patch
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
config:
ignition:
version: 3.1.0
Remediation - OS Build Blueprint
[customizations.services]
disabled = ["apport"]
Remediation - Puppet
include disable_apport
class disable_apport {
service {'apport':
enable => false,
ensure => 'stopped',
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if dpkg-query --show --showformat='${db:Status-Status}\n' 'apport' 2>/dev/null | grep -q installed; then
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'apport.service'
"$SYSTEMCTL_EXEC" disable 'apport.service'
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- disable_strategy
- low_complexity