Saltstack Official Linux Formula

  1. # CIS 1.5.1 Ensure core dumps are restricted (Scored)
  2. #
  3. # Description
  4. # ===========
  5. #
  6. # A core dump is the memory of an executable program. It is generally used to determine
  7. # why a program aborted. It can also be used to glean confidential information from a core
  8. # file. The system provides the ability to set a soft limit for core dumps, but this can be
  9. # overridden by the user.
  10. #
  11. # Rationale
  12. # =========
  13. #
  14. # Setting a hard limit on core dumps prevents users from overriding the soft variable. If core
  15. # dumps are required, consider setting limits for user groups (see limits.conf(5) ). In
  16. # addition, setting the fs.suid_dumpable variable to 0 will prevent setuid programs from
  17. # dumping core.
  18. #
  19. # Audit
  20. # =====
  21. #
  22. # Run the following commands and verify output matches:
  23. #
  24. # # grep "hard core" /etc/security/limits.conf /etc/security/limits.d/*
  25. # * hard core 0
  26. # # sysctl fs.suid_dumpable
  27. # fs.suid_dumpable = 0
  28. #
  29. # Remediation
  30. # ===========
  31. #
  32. # Add the following line to the /etc/security/limits.conf file or a
  33. # /etc/security/limits.d/* file:
  34. #
  35. # * hard core 0
  36. #
  37. # Set the following parameter in the /etc/sysctl.conf file:
  38. #
  39. # fs.suid_dumpable = 0
  40. #
  41. # Run the following command to set the active kernel parameter:
  42. #
  43. # # sysctl -w fs.suid_dumpable=0
  44. parameters:
  45. linux:
  46. system:
  47. limit:
  48. cis:
  49. enabled: true
  50. domain: '*'
  51. limits:
  52. - type: 'hard'
  53. item: 'core'
  54. value: 0
  55. kernel:
  56. sysctl:
  57. fs.suid_dumpable: 0