Disable Automatic Bug Reporting Tool (abrtd)

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

The Automatic Bug Reporting Tool (abrtd) daemon collects and reports crash data when an application crash is detected. Using a variety of plugins, abrtd can email crash reports to system administrators, log crash reports to files, or forward crash reports to a centralized issue tracking system such as RHTSupport.

The abrtd service can be disabled with the following command:

$ sudo systemctl disable abrtd.service

Rationale

Mishandling crash data could expose sensitive information about vulnerabilities in software executing on the system, as well as sensitive information from within a process’s address space or registers.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

#!/bin/bash

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'abrtd.service'
"$SYSTEMCTL_EXEC" disable 'abrtd.service'
# Disable socket activation if we have a unit file for it
"$SYSTEMCTL_EXEC" list-unit-files | grep -q '^abrtd.socket\>' && "$SYSTEMCTL_EXEC" disable 'abrtd.socket'
# The service may not be running because it has been started and failed,
# so let's reset the state so OVAL checks pass.
# Service should be 'inactive', not 'failed' after reboot though.
"$SYSTEMCTL_EXEC" reset-failed 'abrtd.service'

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Disable service abrtd
  service:
    name: "{{item}}"
    enabled: "no"
    state: "stopped"
  register: service_result
  failed_when: "service_result is failed and ('Could not find the requested service' not in service_result.msg)"
  with_items:
    - abrtd
  tags:
    - service_abrtd_disabled
    - unknown_severity
    - disable_strategy
    - low_complexity
    - low_disruption
    - NIST-800-53-AC-17(8)
    - NIST-800-53-CM-7


- name: Disable socket of service abrtd if applicable
  service:
    name: "{{item}}"
    enabled: "no"
    state: "stopped"
  register: socket_result
  failed_when: "socket_result is failed and ('Could not find the requested service' not in socket_result.msg)"
  with_items:
    - abrtd.socket
  tags:
    - service_abrtd_disabled
    - unknown_severity
    - disable_strategy
    - low_complexity
    - low_disruption
    - NIST-800-53-AC-17(8)
    - NIST-800-53-CM-7