GEN003510-ESXI5-006660 - Kernel core dumps must be disabled unless needed.

Information

Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in Denial-of-Service by exhausting the available space on the target file system. The kernel core dump process may increase the amount of time a system is unavailable due to a crash. Kernel core dumps can be useful for kernel debugging.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

For ESXi 5.0 servers (standalone or managed by vCenter Server) that have kernel core dumps configured locally:
To create a diagnostic coredump partition on disk, select a storage device with at least 100MB of free space (200MB recommended) that is accessible by the ESXi host. Ensure the storage device you intend to use does not contain any useful data as it will be overwritten. Use the partedUtil command line utility (refer to the vendor's documentation) to create a new partition. Then use the esxcli command line utility to list all accessible diagnostic partitions.
# esxcli system coredump partition list

The output appears similar to:
Name                   Path               Active  Configured
---------------------  -----------------  ------  ----------
mpx.vmhba2:C0:T0:L0:7  /vmfs/devices/...  false   false

Configure and activate one of the accessible diagnostic partitions using the esxcli command line utility.
# esxcli system coredump partition set --partition='Partition_Name'
# esxcli system coredump partition set --enable true

Validate that the diagnostic partition is now active using the command:
# esxcli system coredump partition list

The output should now appear similar to:
Name                   Path               Active  Configured
---------------------  -----------------  ------  ----------
mpx.vmhba2:C0:T0:L0:7  /vmfs/devices/...  true    true
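
An added example (not part of the STIG text or the Nessus audit): a POSIX sh function that reads the `esxcli system coredump partition list` table shown above and reports every partition that is active or configured, so the result can be compared with the documented need for core dumps. The function name is hypothetical and the two sample tables are constructed from the output on this page.

```shell
#!/bin/sh
# Added example. On a host, feed it the real table:
#   esxcli system coredump partition list | coredump_partition_state
# Exit status: 0 = no partition active or configured, 1 = at least one is.

coredump_partition_state() {   # hypothetical helper name
    awk '
        $1 == "Name" || /^-+/ { next }   # skip header row and dashed rule
        NF < 4               { next }   # skip blank or malformed lines
        {
            # Active and Configured are the last two columns of each row.
            active = tolower($(NF-1)); configured = tolower($NF)
            if (active == "true" || configured == "true") {
                printf "%s active=%s configured=%s\n", $1, active, configured
                found = 1
            }
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample input, modelled on the two tables on this page.
SAMPLE_INACTIVE='Name                   Path               Active  Configured
---------------------  -----------------  ------  ----------
mpx.vmhba2:C0:T0:L0:7  /vmfs/devices/...  false   false'

SAMPLE_ACTIVE='Name                   Path               Active  Configured
---------------------  -----------------  ------  ----------
mpx.vmhba2:C0:T0:L0:7  /vmfs/devices/...  true    true'

# Run the check over both samples and print a one-line verdict for each.
for sample in "$SAMPLE_INACTIVE" "$SAMPLE_ACTIVE"; do
    if printf '%s\n' "$sample" | coredump_partition_state; then
        echo "result: no diagnostic partition is active or configured"
    else
        echo "result: a diagnostic partition is active or configured"
    fi
done
```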


For ESXi 5.0 servers managed by vCenter Server using a network core dump server:
View the current network configuration.
# esxcli system coredump network get

Specify the VMkernel network interface to use for outbound traffic and the IP address/UDP port number of the remote network coredump server.
# esxcli system coredump network set --interface-name <VMkernelInterface> --server-ipv4 <IPAddress> --server-port <PortNumber>

Enable the above selected network coredump configuration.
# esxcli system coredump network set --enable true

Confirm the configuration.
# esxcli system coredump network get

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_ESXi5_Server_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Group-ID|V-39355, Rule-ID|SV-250586r798757_rule, STIG-ID|GEN003510-ESXI5-006660, STIG-Legacy|SV-51213, STIG-Legacy|V-39355, Vuln-ID|V-250586

Plugin: VMware

Control ID: 8930c1e02f60f373e964b7618ae14611a7ba1d2d493c9dc9e0aba1929dde0117