ESXI-67-000044 - The ESXi host must enable kernel core dumps.

Information

In the event of a system failure, the system must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.

Solution

From the vSphere Client, select the ESXi host and right-click. Select the 'Add Diagnostic Partition' option to configure a core dump diagnostic partition.

or

From a PowerCLI command prompt while connected to the ESXi host, run at least one of the following sets of commands:

To configure a core dump partition:

$esxcli = Get-EsxCli -v2
#View available partitions to configure
$esxcli.system.coredump.partition.list.Invoke()
$arguments = $esxcli.system.coredump.partition.set.CreateArgs()
$arguments.partition = '<NAA ID of target partition from output listed previously>'
$esxcli.system.coredump.partition.set.Invoke($arguments)
#You can't set the partition and enable it at the same time so now we can enable it
$arguments = $esxcli.system.coredump.partition.set.CreateArgs()
$arguments.enable = $true
$esxcli.system.coredump.partition.set.Invoke($arguments)

To configure a core dump collector:

$esxcli = Get-EsxCli -v2
$arguments = $esxcli.system.coredump.network.set.CreateArgs()
$arguments.interfacename = '<vmkernel port to use>'
$arguments.serverip = '<collector IP>'
$arguments.serverport = '<collector port>'
$arguments = $esxcli.system.coredump.network.set.Invoke($arguments)
$arguments = $esxcli.system.coredump.network.set.CreateArgs()
$arguments.enable = $true
$arguments = $esxcli.system.coredump.network.set.Invoke($arguments)

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y22M04_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-24, CAT|III, CCI|CCI-001665, Rule-ID|SV-239299r816576_rule, STIG-ID|ESXI-67-000044, Vuln-ID|V-239299

Plugin: Unix

Control ID: 1e68cfbb493468399f340400739f80f680e0dee81c702318076a17f45858ce11