Title

Process core dumps must be disabled unless needed. (Cat III impact)

Discussion

A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.

Check Content

To verify that core dumps are disabled for all users, run the following command: $ grep core /etc/security/limits.conf /etc/security/limits.d/*.conf The output should be: * hard core 0 If it is not, this is a finding.

Fix Text

To disable core dumps for all users, add the following line to "/etc/security/limits.conf": * hard core 0

Additional Identifiers

Rule ID: SV-218054r603264_rule

Vulnerability ID: V-218054

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.