Disable storing core dump
An XCCDF Rule
Description
The Storage option in the [Coredump] section of /etc/systemd/coredump.conf can be set to none to disable storing core dumps permanently.
Warning
If the /etc/systemd/coredump.conf file does not already contain the [Coredump] section, the value will not be configured correctly.
Rationale
A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers or system operators trying to debug problems. Enabling core dumps on production systems is not recommended; however, there may be overriding operational requirements to enable advanced debugging. Permitting temporary enablement of core dumps during such situations should be reviewed through local needs and policy.
- ID: xccdf_org.ssgproject.content_rule_coredump_disable_storage
- Severity: Medium
- References
- Updated
Remediation - Shell Script
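# Remediation is applicable only in certain platforms
if dpkg-query --show --showformat='${db:Status-Status}\n' 'systemd' 2>/dev/null | grep -q installed; then
    if [ -e "/etc/systemd/coredump.conf" ] ; then
        LC_ALL=C sed -i "/^\s*Storage\s*=\s*/Id" "/etc/systemd/coredump.conf"  # drop any existing Storage= line
    fi
    # Append the setting at the end of the file (expected to fall under [Coredump])
    printf '%s\n' "Storage=none" >> "/etc/systemd/coredump.conf"
fi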
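A check for the failure mode named in the warning above, where Storage=none ends up in a file that has no [Coredump] section. This is an added example, not part of the rule's own content; the function names are hypothetical, the sample file is constructed, and only the single file passed in is parsed.

```shell
#!/bin/sh
# Added example (not SSG code); function names are hypothetical.

# Print the last Storage= value set under [Coredump] in file $1.
# Prints nothing if the key is absent or only appears outside that section.
coredump_storage_value() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # section header
            name = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            in_coredump = (name == "Coredump")
            next
        }
        in_coredump && /^[ \t]*Storage[ \t]*=/ {
            val = $0
            sub(/^[ \t]*Storage[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]*$/, "", val)
            found = val                         # keep the last assignment seen
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 only when Storage=none is set inside [Coredump]; 2 if unreadable.
check_coredump_storage() {
    [ -r "$1" ] || return 2
    [ "$(coredump_storage_value "$1")" = "none" ]
}

# Constructed sample: Storage=none appended to a file with no [Coredump] header.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Storage=none' > "$sample"
if check_coredump_storage "$sample"; then
    echo "compliant"
else
    echo "not compliant: Storage=none is not under [Coredump]"
fi
rm -f "$sample"
```

Run `check_coredump_storage /etc/systemd/coredump.conf` after remediation; a non-zero exit means the setting is missing, has another value, or sits outside the [Coredump] section.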
Remediation - Ansible
- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - NIST-800-53-CM-6
  - PCI-DSS-Req-3.2