Title

Process core dumps must be disabled unless needed. (Cat III impact)

Discussion

Process core dumps contain the memory in use by the process when it crashed. Process core dump files can be of significant size and their use can result in file systems filling to capacity, which may result in Denial of Service. Process core dumps can be useful for software debugging.

Check Content

# grep -c ulimit /etc/profile If the return value of this command is 0, this is a finding. If the return value of this command is not 0: # grep ulimit /etc/profile If the -c argument with a value of 0 is not present, this is a finding.

Fix Text

Edit /etc/profile, ensure the ulimit command is present with the -c argument of the ulimit command set to 0.

Additional Identifiers

Rule ID: SV-35008r1_rule

Vulnerability ID: V-11996

Group Title: GEN003500

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.