The Automatic Bug Reporting Tool (abrtd) service must not be running.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-38640	RHEL-06-000261	SV-50441r2_rule		Low

Description
Mishandling crash data could expose sensitive information about vulnerabilities in software executing on the local machine, as well as sensitive information from within a process's address space or registers.

STIG	Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide	2015-09-09

Details

Check Text ( None )
None

Fix Text (F-43589r2_fix)
The Automatic Bug Reporting Tool ("abrtd") daemon collects and reports crash data when an application crash is detected. Using a variety of plugins, abrtd can email crash reports to system administrators, log crash reports to files, or forward crash reports to a centralized issue tracking system such as RHTSupport. The "abrtd" service can be disabled with the following commands: # chkconfig abrtd off # service abrtd stop

Fix Text (F-43589r2_fix)

The Automatic Bug Reporting Tool ("abrtd") daemon collects and reports crash data when an application crash is detected. Using a variety of plugins, abrtd can email crash reports to system administrators, log crash reports to files, or forward crash reports to a centralized issue tracking system such as RHTSupport. The "abrtd" service can be disabled with the following commands:

# chkconfig abrtd off
# service abrtd stop