3.10 Disable core dumps - lssec

Information

This change disables core dumps in the default user stanza of /etc/security/limits and also ensures the fullcore kernel parameter is set to false.

Rationale:

The creation of core dumps can reveal pertinent system information, potentially even passwords, within the core file. The ability to create a core dump is also a vulnerability to be exploited by a hacker.

The commands below disable core dumps by default, but they may be specifically enabled for a particular user in /etc/security/limits.

Solution

Change the default user stanza attributes core and core_hard in /etc/security/limits and then set the fullcore kernel parameter to false:

chsec -f /etc/security/limits -s default -a core=0 -a core_hard=0
chdev -l sys0 -a fullcore=false

Default Value:

Core dumps enabled

See Also

https://workbench.cisecurity.org/files/4119

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10)

Plugin: Unix

Control ID: 630e673cd64c3d84d0a26c667548ec480cd9ae754a79420daa1c074631ca21da