1.5.1 Ensure core dumps are restricted (Scored)
Profile Applicability
Level 1 - Server
Level 1 - Workstation
Description
A core dump is a copy of the memory of a running executable, written to disk when the program aborts. It is generally used to determine why the program aborted, but the same file can be used to glean confidential information (passwords, keys, session data) that the program held in memory. The system provides the ability to set a soft limit for core dumps, but a soft limit can be raised by the user.
Rationale
Setting a hard limit on core dumps prevents users from overriding the soft limit. If core dumps are required, consider setting limits for specific user groups instead (see limits.conf(5)). In addition, setting the fs.suid_dumpable variable to 0 will prevent setuid programs from dumping core, so a crash cannot expose memory the program held while running with elevated privileges.
Audit
Run the following commands and verify output matches:
# grep "hard core" /etc/security/limits.conf /etc/security/limits.d/*
* hard core 0
# sysctl fs.suid_dumpable
fs.suid_dumpable = 0
Remediation
Add the following line to the /etc/security/limits.conf file or a /etc/security/limits.d/* file:
* hard core 0
Set the following parameter in the /etc/sysctl.conf file:
fs.suid_dumpable = 0
Run the following command to set the active kernel parameter:
# sysctl -w fs.suid_dumpable=0
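The following POSIX shell helper is an added example, not part of the CIS benchmark text: it automates the audit above by checking the limits files for an active "* hard core 0" entry (ignoring commented lines, which the grep in the audit would falsely match) and reading fs.suid_dumpable from /proc. The sample limits files it creates are constructed for demonstration; pass --live to audit the real system paths.

```shell
#!/bin/sh
# Added audit helper for control 1.5.1 (example code, not from the benchmark).

# check_hard_core_limit FILE...: succeed if any FILE carries an active
# "* hard core 0" entry; comments are stripped and whitespace is ignored,
# so a commented-out line does not count as compliant.
check_hard_core_limit() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        if sed 's/#.*//' "$f" |
           awk '$1=="*" && $2=="hard" && $3=="core" && $4=="0" {ok=1} END {exit !ok}'; then
            return 0
        fi
    done
    return 1
}

# check_suid_dumpable VALUE: succeed only when VALUE is exactly 0.
# Values 1 and 2 both allow setuid programs to dump core.
check_suid_dumpable() {
    [ "$1" = "0" ]
}

# audit_live_system: apply both checks to the real paths and report.
audit_live_system() {
    status=0
    if check_hard_core_limit /etc/security/limits.conf /etc/security/limits.d/*; then
        echo "PASS: '* hard core 0' present"
    else
        echo "FAIL: no active '* hard core 0' in limits.conf or limits.d"; status=1
    fi
    if check_suid_dumpable "$(cat /proc/sys/fs/suid_dumpable 2>/dev/null)"; then
        echo "PASS: fs.suid_dumpable = 0"
    else
        echo "FAIL: fs.suid_dumpable is not 0"; status=1
    fi
    return $status
}

# Constructed sample files (not real system files): one compliant entry and
# one file where the hard limit is only present as a comment.
demo=$(mktemp -d)
printf '# default hard limit\n*\thard\tcore\t0\n' > "$demo/limits.conf"
printf '#* hard core 0\n* soft core 0\n' > "$demo/99-dev.conf"
check_hard_core_limit "$demo/limits.conf" && echo "sample limits.conf: compliant"
check_hard_core_limit "$demo/99-dev.conf" || echo "sample 99-dev.conf: NOT compliant"
rm -rf "$demo"
[ "${1:-}" = "--live" ] && audit_live_system
```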