Ensure Apport is masked

Description

Ensure that the apport service is masked if it is required to be installed.

Rationale

Apport collects potentially sensitive data, such as core dumps, stack traces, and log files. They can contain passwords, credit card numbers, serial numbers, and other private material.

Audit

isMasked() {
  isMasked=$(systemctl is-enabled "$1")
  if [[ "$isMasked" = "masked" ]]; then
    exit 0
  else
    exit 1
  fi
}

@test "Verify that apport is masked" {
  run isMasked apport.service
  [ "$status" -eq 0 ]
}

Remediation

shell

sed -i 's/enabled=.*/enabled=0/' /etc/default/apport
systemctl stop apport.service
systemctl mask apport.service

References

EUD Security Guidance: Ubuntu 18.04 LTS
https://wiki.ubuntu.com/Apport

results matching ""

    No results matching ""