Disable Core Dumps for SUID programs
An XCCDF Rule
Description
To set the runtime status of the fs.suid_dumpable
kernel parameter, run the following command:
$ sudo sysctl -w fs.suid_dumpable=0To make sure that the setting is persistent, add the following line to a file in the directory
/etc/sysctl.d
: fs.suid_dumpable = 0
Rationale
The core dump of a setuid program is more likely to contain sensitive data, as the program itself runs with greater privileges than the user who initiated execution of the program. Disabling the ability for any setuid program to write a core file decreases the risk of unauthorized access of such data.
- ID
- xccdf_org.ssgproject.content_rule_sysctl_fs_suid_dumpable
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: List /etc/sysctl.d/*.conf files
find:
paths:
- /etc/sysctl.d/
- /run/sysctl.d/
- /usr/local/lib/sysctl.d/