The system must be configured to store any process core dumps in a specific, centralized directory.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22399 | GEN003501 | SV-26577r1_rule | ECLP-1 | Low |
| Description |
|---|
| Specifying a centralized location for core file creation allows for the centralized protection of core files. Process core dumps contain the memory in use by the process when it crashed. Any data the process was handling may be contained in the core file, and it must be protected accordingly. If process core dump creation is not configured to use a centralized directory, core dumps may be created in a directory without appropriate ownership or permissions configured, which could result in unauthorized access to the core dumps. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2018-09-14 |
Details
| Check Text ( C-36488r2_chk ) |
|---|
| View all coreadm configuration settings. # coreadm Or View only if a directory is defined for process core dumps. If no information is returned, a directory has not been defined. # coreadm | tr '\011' ' ' | tr -s ' ' | egrep -i "global core file pattern|global core dumps" If the process core dump directory is undefined and core dumps are disabled, this is not applicable. If the process core dump directory is defined with a relative path (does not start with a slash "/") and core dumps are enabled, this is a finding. |
| Fix Text (F-31840r2_fix) |
|---|
| Change the core file pattern. # coreadm -I /var/adm/crash/core.%f.%p Where: %f = Will be assigned the executable/program file name creating the core %p = Will be assigned the executable/program process ID creating the core Ensure that core dumps are enabled: # coreadm -e global |