The centralized process core dump data directory must be owned by root.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22400 | GEN003502 | SV-46152r1_rule | Low |
| Description |
|---|
| Process core dumps contain the memory in use by the process when it crashed. Any data the process was handling may be contained in the core file, and it must be protected accordingly. If the centralized process core dump data directory is not owned by root, the core dumps contained in the directory may be subject to unauthorized access. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide | 2018-09-19 |
Details
| Check Text ( C-43413r1_chk ) |
|---|
| Procedure: Check the defined directory for process core dumps. # cat /proc/sys/kernel/core_pattern|xargs -n1 -IPATTERN dirname PATTERN Check the existence and ownership of the directory # ls -lLd If the directory does not exist or is not owned by root, this is a finding. |
| Fix Text (F-39491r1_fix) |
|---|
| If the core file directory does not exist it must be created. # mkdir -p If necessary, change the owner of the core file directory. # chown root |