# CIS 1.5.1 Ensure core dumps are restricted (Scored)
#
# Description
# ===========
#
# A core dump is the memory of an executable program. It is generally used to determine
# why a program aborted. It can also be used to glean confidential information from a core
# file. The system provides the ability to set a soft limit for core dumps, but this can be
# overridden by the user.
#
# Rationale
# =========
#
# Setting a hard limit on core dumps prevents users from overriding the soft variable. If core
# dumps are required, consider setting limits for user groups (see limits.conf(5) ). In
# addition, setting the fs.suid_dumpable variable to 0 will prevent setuid programs from
# dumping core.
#
# Audit
# =====
#
# Run the following commands and verify output matches:
#
#   # grep "hard core" /etc/security/limits.conf /etc/security/limits.d/*
#   * hard core 0
#   # sysctl fs.suid_dumpable
#   fs.suid_dumpable = 0
#
# Remediation
# ===========
#
# Add the following line to the /etc/security/limits.conf file or a
# /etc/security/limits.d/* file:
#
#   * hard core 0
#
# Set the following parameter in the /etc/sysctl.conf file:
#
#   fs.suid_dumpable = 0
#
# Run the following command to set the active kernel parameter:
#
#   # sysctl -w fs.suid_dumpable=0

parameters:
  linux:
    system:
      limit:
        cis:
          enabled: true
          domain: '*'
          limits:
          - type: 'hard'
            item: 'core'
            value: 0
      kernel:
        sysctl:
          fs.suid_dumpable: 0