Skip to content
Log In

Disable acquiring, saving, and processing core dumps

An XCCDF Rule

Description

The systemd-coredump.socket unit is a socket activation of the systemd-coredump@.service which processes core dumps. By masking the unit, core dump processing is disabled.

Rationale

A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.

ID
xccdf_org.ssgproject.content_rule_service_systemd-coredump_disabled
Severity
Medium
References
Updated

Remediation Templates

A Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
SOCKET_NAME="systemd-coredump.socket"
SYSTEMCTL_EXEC='/usr/bin/systemctl'

if "$SYSTEMCTL_EXEC" -q list-unit-files --type socket | grep -q "$SOCKET_NAME"; then

An Ansible Snippet

- name: Disable acquiring, saving, and processing core dumps - Collect systemd Socket
    Units Present in the System
  ansible.builtin.command:
    cmd: systemctl -q list-unit-files --type socket
  register: result_systemd_unit_files
  changed_when: false