ubuntu1604:1:5:1

1.5.1 Ensure core dumps are restricted (Scored)

Profile Applicability

Level 1 - Server 
Level 1 - Workstation

Description

A core dump is the memory of an executable program. It is generally used to determine why a program aborted. It can also be used to glean confidential information from a core file. The system provides the ability to set a soft limit for core dumps, but this can be overridden by the user.

Rationale

Setting a hard limit on core dumps prevents users from overriding the soft variable. If core dumps are required, consider setting limits for user groups (see limits.conf(5)). In addition, setting the fs.suid_dumpable variable to 0 will prevent setuid programs from dumping core.

Audit

Run the following commands and verify output matches: 

# grep "hard core" /etc/security/limits.conf /etc/security/limits.d/* 
* hard core 0 
# sysctl fs.suid_dumpable 
fs.suid_dumpable = 0

Remediation

Add the following line to the /etc/security/limits.conf file or a /etc/security/limits.d/* file: 

* hard core 0

Set the following parameter in the /etc/sysctl.conf file: 

fs.suid_dumpable = 0

Run the following command to set the active kernel parameter: 

# sysctl -w fs.suid_dumpable=0
  • ubuntu1604/1/5/1.txt
  • Last modified: 2017/05/04 03:57
  • by Piotr Kłoczewski