{"description": "The <tt>quota_nld</tt> service provides notifications to\nusers of disk space quota violations. It listens to the kernel via a netlink\nsocket for disk quota violations and notifies the appropriate user of the\nviolation using D-Bus or by sending a message to the terminal that the user has\nlast accessed.\n\nThe <code>quota_nld</code> service can be disabled with the following command:\n<pre>$ sudo systemctl mask --now quota_nld.service</pre>", "rationale": "If disk quotas are enforced on the local system, then the\n<tt>quota_nld</tt> service likely provides useful functionality and should\nremain enabled. However, if disk quotas are not used or user notification of\ndisk quota violation is not desired then there is no need to run this\nservice.", "severity": "low", "references": {"cis-csc": ["11", "14", "3", "9"], "cobit5": ["BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS05.02", "DSS05.05", "DSS06.06"], "isa-62443-2009": ["4.3.3.5.1", "4.3.3.5.2", "4.3.3.5.3", "4.3.3.5.4", "4.3.3.5.5", "4.3.3.5.6", "4.3.3.5.7", "4.3.3.5.8", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.1", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4", "4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.11", "SR 1.12", "SR 1.13", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.6", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 2.2", "SR 2.3", "SR 2.4", "SR 2.5", "SR 2.6", "SR 2.7", "SR 7.6"], "iso27001-2013": ["A.12.1.2", "A.12.5.1", "A.12.6.2", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.9.1.2"], "nist": ["CM-7(a)", "CM-7(b)", "CM-6(a)"], "nist-csf": ["PR.IP-1", "PR.PT-3"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the \"quota_nld\" is loaded and not masked", "ocil": "To check that the <code>quota_nld</code> service is disabled in system boot configuration,\nrun the following command:\n<pre>$ sudo systemctl is-enabled <code>quota_nld</code></pre>\nOutput 
should indicate the <code>quota_nld</code> service has either not been installed,\nor has been disabled at all runlevels, as shown in the example below:\n<pre>$ sudo systemctl is-enabled <code>quota_nld</code><br/> disabled</pre>\n\nRun the following command to verify <code>quota_nld</code> is not active (i.e. not running) through current runtime configuration:\n<pre>$ sudo systemctl is-active quota_nld</pre>\n\nIf the service is not running, the command will return the following output:\n<pre>inactive</pre>\n\nThe service will also be masked. To check that <code>quota_nld</code> is masked, run the following command:\n<pre>$ sudo systemctl show <code>quota_nld</code> | grep \"LoadState\\|UnitFileState\"</pre>\n\nIf the service is masked, the command will return the following outputs:\n\n<pre>LoadState=masked</pre>\n\n<pre>UnitFileState=masked</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "service_quota_nld_disabled.sh", "relative_path": "ubuntu2204/checks/sce/service_quota_nld_disabled.sh"}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable Quota Netlink (quota_nld)", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml", "template": {"name": "service_disabled", "vars": {"servicename": "quota_nld", "packagename": "quota-nld"}, "backends": {}}}