The system must enable kernel core dumps.

From VMware vSphere ESXi 6.0 Security Technical Implementation Guide

Part of SRG-OS-000269-VMM-000950

Associated with: CCI-001665

SV-77747r1_rule The system must enable kernel core dumps.

Vulnerability discussion

In the event of a system failure, the system must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.

Check content

From the vSphere Web Client select the ESXi Host and right click. If the "Add Diagnostic Partition" option is greyed out then core dumps are configured. or From a PowerCLI command prompt while connected to the ESXi host run the following commands: $esxcli = Get-EsxCli $esxcli.system.coredump.partition.get() $esxcli.system.coredump.network.get() The first command prepares for the other two. The second command shows whether there is an active core dump partition configured. The third command shows whether a network core dump collector is configured and enabled, via the "HostVNic", "NetworkServerIP", "NetworkServerPort", and "Enabled" variables. If there is no active core dump partition or the network core dump collector is not configured and enabled, this is a finding.

Fix text

From the vSphere Web Client select the ESXi Host and right click. Select the "Add Diagnostic Partition" option configure a core dump diagnostic partition. or From a PowerCLI command prompt while connected to the ESXi host run at least one of the following sets of commands: To configure a core dump partition: $esxcli = Get-EsxCli #View available partitions to configure $esxcli.system.coredump.partition.list() $esxcli.system.coredump.partition.set($null,"PartitionName",$null,$null) To configure a core dump collector: $esxcli = Get-EsxCli $esxcli.system.coredump.network.set($null,"vmkernel port to use",$null,"CollectorIP","CollectorPort") $esxcli.system.coredump.network.set($true)

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer