1.5.1 Ensure core dumps are restricted - sysctl

Information

A core dump is the memory of an executable program. It is generally used to determine
why a program aborted. It can also be used to glean confidential information from a core
file. The system provides the ability to set a soft limit for core dumps, but this can be
overridden by the user.

Rationale:

Setting a hard limit on core dumps prevents users from overriding the soft variable. If core
dumps are required, consider setting limits for user groups (see limits.conf(5) ). In
addition, setting the fs.suid_dumpable variable to 0 will prevent setuid programs from
dumping core.

Solution

Add the following line to /etc/security/limits.conf or a /etc/security/limits.d/*
file:

* hard core 0

Set the following parameter in /etc/sysctl.conf or a /etc/sysctl.d/* file:

fs.suid_dumpable = 0

Run the following command to set the active kernel parameter:

# sysctl -w fs.suid_dumpable=0

If systemd-coredump is installed:
edit /etc/systemd/coredump.conf and add/modify the following lines:

Storage=none
ProcessSizeMax=0

Run the command:

systemctl daemon-reload

See Also

https://workbench.cisecurity.org/files/2420