mediumsystemverified ✓rollback-safe
Restrict core dumps
coredump-restricted · RHEL ≥ 8 · 1 impl
Description
Core dumps should be restricted to prevent sensitive information from being written to disk when a program crashes.
Rationale
Core dumps may contain sensitive data like passwords, encryption keys, or other confidential information from program memory. Restricting core dumps prevents this data from being written to disk.
Check → Remediate
Checkcommand
if grep -rqsE '^[[:space:]]*\*[[:space:]]+hard[[:space:]]+core[[:space:]]+0([[:space:]]|$)' \
/etc/security/limits.conf /etc/security/limits.d/ 2>/dev/null; then
exit 0
fi
echo "FAIL: '* hard core 0' not set in limits.conf or limits.d"
exit 1
- expected_exit:
- 0
Remediateconfig_set
- path:
- /etc/security/limits.conf
- key:
- * hard core
- value:
- 0
- separator:
Framework references
CIS
rhel8 1.5.1rhel9 1.5.1rhel10 1.5.1
STIG
V-281319 / RHEL-10-701170V-257814 / RHEL-09-213095V-230313 / RHEL-08-010673
NIST 800-53
SC-7
Live verification
rhel10:checkrhel8:checkrhel9:check
#coredump#security#memory#privacy