|
- # CIS 1.5.1 Ensure core dumps are restricted (Scored)
- #
- # Description
- # ===========
- #
- # A core dump is the memory of an executable program. It is generally used to determine
- # why a program aborted. It can also be used to glean confidential information from a core
- # file. The system provides the ability to set a soft limit for core dumps, but this can be
- # overridden by the user.
- #
- # Rationale
- # =========
- #
- # Setting a hard limit on core dumps prevents users from overriding the soft variable. If core
- # dumps are required, consider setting limits for user groups (see limits.conf(5) ). In
- # addition, setting the fs.suid_dumpable variable to 0 will prevent setuid programs from
- # dumping core.
- #
- # Audit
- # =====
- #
- # Run the following commands and verify output matches:
- #
- # # grep "hard core" /etc/security/limits.conf /etc/security/limits.d/*
- # * hard core 0
- # # sysctl fs.suid_dumpable
- # fs.suid_dumpable = 0
- #
- # Remediation
- # ===========
- #
- # Add the following line to the /etc/security/limits.conf file or a
- # /etc/security/limits.d/* file:
- #
- # * hard core 0
- #
- # Set the following parameter in the /etc/sysctl.conf file:
- #
- # fs.suid_dumpable = 0
- #
- # Run the following command to set the active kernel parameter:
- #
- # # sysctl -w fs.suid_dumpable=0
-
- parameters:
- linux:
- system:
- limit:
- cis:
- enabled: true
- domain: '*'
- limits:
- - type: 'hard'
- item: 'core'
- value: 0
- kernel:
- sysctl:
- fs.suid_dumpable: 0
|
