Process core dumps must be disabled unless needed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-11996 | GEN003500 | SV-37546r2_rule | Low |
| Description |
|---|
| Process core dumps contain the memory in use by the process when it crashed. Process core dump files can be of significant size and their use can result in file systems filling to capacity, which may result in Denial of Service. Process core dumps can be useful for software debugging. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2017-03-01 |
Details
| Check Text ( C-36201r2_chk ) |
|---|
| # ulimit -Hc If the above command does not return 0 and the enabling of core dumps has not been documented and approved by the IAO, this a finding. |
| Fix Text (F-31460r3_fix) |
|---|
| Edit /etc/security/limits.conf and set a hard limit for "core" to 0 for all users. A new login will be required for the changes to take effect. |