Ensure core dumps are restricted - sysctl.conf

Information

A core dump is the recorded memory of an executing program. It is generally used to determine why a program aborted, but a core file can also be used to glean confidential information. The system provides the ability to set a soft limit for core dumps, but a user can override a soft limit. A hard limit cannot be overridden by the user, and setting fs.suid_dumpable to 0 prevents setuid programs from dumping core.

Solution

Add the following line to /etc/security/limits.conf or a /etc/security/limits.d/* file:
* hard core 0

Set the following parameter in /etc/sysctl.conf or a /etc/sysctl.d/* file:
fs.suid_dumpable = 0

Run the following command to set the active kernel parameter:
# sysctl -w fs.suid_dumpable=0
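
One way to verify all three steps above, as an added example that is not part of the original benchmark text. The function names, the ROOT prefix argument and the sample tree are assumptions made so the check can run offline. Only *.conf files are examined in the .d directories, since those are the ones pam_limits and sysctl read.

```shell
# Added example: audit the settings above under ROOT ("" = the live system).
# The ROOT prefix and all function names are assumptions of this sketch.
WS='[[:space:]]'

# Succeeds if a limits file carries an uncommented "* hard core 0" entry.
has_hard_core_limit() {
    for f in "$1/etc/security/limits.conf" "$1"/etc/security/limits.d/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq "^$WS*\*$WS+hard$WS+core$WS+0$WS*\$" "$f"; then return 0; fi
    done
    return 1
}

# Prints ok, missing, or conflict (some file assigns a non-zero value).
suid_dumpable_state() {
    state=missing
    for f in "$1/etc/sysctl.conf" "$1"/etc/sysctl.d/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq "^$WS*fs\.suid_dumpable$WS*=$WS*0*[1-9]" "$f"; then echo conflict; return 0; fi
        if grep -Eq "^$WS*fs\.suid_dumpable$WS*=$WS*0+$WS*\$" "$f"; then state=ok; fi
    done
    echo "$state"
}

# Prints one PASS/FAIL line per check; returns non-zero if any check fails.
audit_core_dumps() {
    rc=0
    if has_hard_core_limit "$1"; then echo "PASS limits: * hard core 0"
    else echo "FAIL limits: no '* hard core 0' entry"; rc=1; fi
    s=$(suid_dumpable_state "$1")
    if [ "$s" = ok ]; then echo "PASS sysctl files: fs.suid_dumpable = 0"
    else echo "FAIL sysctl files: fs.suid_dumpable $s"; rc=1; fi
    live=$(cat "$1/proc/sys/fs/suid_dumpable" 2>/dev/null || echo unreadable)
    if [ "$live" = 0 ]; then echo "PASS running kernel: fs.suid_dumpable = 0"
    else echo "FAIL running kernel: fs.suid_dumpable is $live"; rc=1; fi
    return "$rc"
}

# Constructed sample tree: limits entry present, but a sysctl.d drop-in sets 2.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/security/limits.d" "$d/etc/sysctl.d" "$d/proc/sys/fs"
    echo '*    hard    core    0' > "$d/etc/security/limits.d/10-core.conf"
    echo 'fs.suid_dumpable = 0' > "$d/etc/sysctl.conf"
    echo 'fs.suid_dumpable=2' > "$d/etc/sysctl.d/99-debug.conf"
    echo 2 > "$d/proc/sys/fs/suid_dumpable"
    echo "$d"
}
case "${1:-}" in --live) audit_core_dumps "" ;; --demo) audit_core_dumps "$(make_sample_root)" ;; esac
```

Run with --live to audit the running system or --demo to audit the constructed tree. Any non-zero assignment in any file is reported as a conflict rather than resolved by load order, so a leftover drop-in is flagged even when /etc/sysctl.conf is correct.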

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-6(10), 800-53|CM-7, CSCv6|13

Plugin: Unix

Control ID: eaa9ebbeb91b8b97e7ab5e560cc02004c47016ae3f72f32a57acc31f1a9f66d9