3.8 Restrict Core Dumps to Protected Directory - init core file pattern

Information

The action described in this section creates a protected directory to store core dumps and
also causes the system to create a log entry whenever a regular process dumps core.

Rationale:

Core dumps, particularly those from set-UID and set-GID processes, may contain sensitive
data.

Solution

To implement the recommendation, run the commands:

# chmod 700 /var/share/cores

# coreadm -g /var/share/cores/core_%n_%f_%u_%g_%t_%p
-e log -e global -e global-setid
-d process -d proc-setid

If the local site chooses, dumping of core files can be completely disabled with the following
command:

# coreadm -d global -d global-setid -d process -d proc-setid

See Also

https://workbench.cisecurity.org/files/2582

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7, CSCv7|13.2

Plugin: Unix

Control ID: 8db33fe6f4c673e5f998d94e7663487ffb2cf70dec6a0402d62f5504183434ca