3.2 Restrict Core Dumps to Protected Directory - Check if permissions for /var/cores are OK.

Information

The action described in this section creates a protected directory to store core dumps and also causes the system to create a log entry whenever a regular process dumps core.

Solution

To restrict core files to a protected directory, run the following commands-
mkdir -p /var/cores
chown root:root /var/cores
chmod 700 /var/cores
coreadm -g /var/cores/core_%n_%f_%u_%g_%t_%p -e log -e global -e global-setid -d process -d proc-setid

If the local site chooses, dumping of core files can be completely disabled with the following command-
coreadm -d global -d global-setid -d process -d proc-setid

See Also

https://workbench.cisecurity.org/files/614