Detections
Analytics

1.115 OL08-00-010673

Information

OL 8 must disable core dumps for all users.

GROUP ID: V-248631
RULE ID: SV-248631r991589

It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.

A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.

Solution

Configure OL 8 to disable core dumps for all users.

Add the following line to the top of "/etc/security/limits.conf" or in a ".conf" file defined in "/etc/security/limits.d/":

* hard core 0

See Also

https://workbench.cisecurity.org/benchmarks/23791

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-248631r991589_rule, STIG-ID|OL08-00-010673, Vuln-ID|V-248631

Plugin: Unix

Control ID: c08c1afb13beb63f92c45d83c53507fe908ce5b5a2c2430a07966565c49f8009