CCE-90697-4Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Disable Network Console (netconsole)
The 'netconsole' service is responsible for loading the
netconsole kernel module, which logs kernel printk messages over UDP to
Asyslog server. This allows debugging of problems where disk logging fails and
serial consoles are impractical.
The 'netconsole' service can be disabled with the following command:
'$ sudo systemctl disable netconsole'
Parameter:
Technical Mechanism:
The 'netconsole' service is not necessary unless there is a need to debug
kernel panics, which is not common.
Fix:
#
# Disable netconsole for all run levels
#
chkconfig --level 0123456 netconsole off
#
# Stop netconsole if currently running
#
service netconsole stop
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30388 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31111 |