Title

AIX process core dumps must be disabled. (Cat II impact)

Discussion

A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.

Check Content

From the command prompt, run the following command: # lsuser -a core ALL root core=0 daemon core=0 bin core=0 sys core=0 adm core=0 uucp core=0 snapp core=0 ipsec core=0 srvproxy core=0 esaadmin core=0 sshd core=0 doejohn core=0 If any user does not have a value of "core = 0", this is a finding.

Fix Text

Run command: # chsec -f /etc/security/limits -s default -a core=0

Additional Identifiers

Rule ID: SV-215396r508663_rule

Vulnerability ID: V-215396

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.