3.1 Restrict Core Dumps to Protected Directory - init core file content

Information

The action described in this section creates a protected directory to store core dumps and also causes the system to create a log entry whenever a regular process dumps core.

Core dumps, particularly those from set-UID and set-GID processes, may contain sensitive data.

Solution

To implement the recommendation, run the commands:
# chmod 700 /var/cores
# coreadm -g /var/cores/core_%n_%f_%u_%g_%t_%p -e log -e global -e global-setid -d process -d proc-setid

If the local site chooses, dumping of core files can be completely disabled with the following command:
# coreadm -d global -d global-setid -d process -d proc-setid
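
To confirm that a host matches the recommended (not the fully disabled) configuration, the settings reported by coreadm can be compared with the values set above. The following is an added example, not part of the benchmark: the function names and sample data are constructed, and it assumes the "label: value" layout that coreadm prints when run with no arguments on Solaris 10/11.

```shell
# Added example (not from the benchmark): audit the core dump settings above.
# Assumption: `coreadm` with no arguments prints "label: value" lines as on
# Solaris 10/11. On a live host:  coreadm | check_coreadm
check_coreadm() {  # reads coreadm output on stdin; exit 0 only if compliant
    awk -F': *' '
    BEGIN {
        want["global core file pattern"]     = "/var/cores/core_%n_%f_%u_%g_%t_%p"
        want["global core dumps"]            = "enabled"
        want["per-process core dumps"]       = "disabled"
        want["global setid core dumps"]      = "enabled"
        want["per-process setid core dumps"] = "disabled"
        want["global core dump logging"]     = "enabled"
    }
    {
        key = $1; sub(/^[ \t]+/, "", key)   # labels are right-aligned
        val = $2; sub(/[ \t]+$/, "", val)
        if (!(key in want)) next            # e.g. init core file content
        seen[key] = 1
        if (val != want[key]) { printf "FAIL %s: got \"%s\"\n", key, val; bad = 1 }
    }
    END {
        for (k in want) if (!(k in seen)) { printf "FAIL %s: not reported\n", k; bad = 1 }
        exit bad + 0
    }'
}

check_dir_mode() {  # pass only when the directory mode is exactly 700
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Constructed sample: output on a host where the first command was applied.
sample_compliant() {
    cat <<'EOF'
     global core file pattern: /var/cores/core_%n_%f_%u_%g_%t_%p
     global core file content: default
       init core file pattern: core
       init core file content: default
            global core dumps: enabled
       per-process core dumps: disabled
      global setid core dumps: enabled
 per-process setid core dumps: disabled
     global core dump logging: enabled
EOF
}

# Constructed sample: per-process dumps left enabled and logging turned off.
sample_weak() {
    sample_compliant | sed -e 's/\(per-process core dumps: \)disabled/\1enabled/' -e 's/\(logging: \)enabled/\1disabled/'
}
```

On a live system, pair it with the directory check: coreadm | check_coreadm && check_dir_mode /var/cores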

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10)

Plugin: Unix

Control ID: 18ce26b4f8b1fca5625f5fb92b39f53a72b46de1c0832c97a0b94f66c207dc54