← Rules Catalog
mediumsystemverified rollback-safe

Restrict core dumps

coredump-restricted · RHEL ≥ 8 · 1 impl

Description

Core dumps should be restricted to prevent sensitive information from being written to disk when a program crashes.

Rationale

Core dumps may contain sensitive data like passwords, encryption keys, or other confidential information from program memory. Restricting core dumps prevents this data from being written to disk.

Check → Remediate

Checkcommand
if grep -rqsE '^[[:space:]]*\*[[:space:]]+hard[[:space:]]+core[[:space:]]+0([[:space:]]|$)' \
     /etc/security/limits.conf /etc/security/limits.d/ 2>/dev/null; then
  exit 0
fi
echo "FAIL: '* hard core 0' not set in limits.conf or limits.d"
exit 1
expected_exit:
0
Remediateconfig_set
path:
/etc/security/limits.conf
key:
* hard core
value:
0
separator:

Framework references

CIS

rhel8 1.5.1rhel9 1.5.1rhel10 1.5.1

STIG

V-281319 / RHEL-10-701170V-257814 / RHEL-09-213095V-230313 / RHEL-08-010673

NIST 800-53

SC-7

Live verification

rhel10:checkrhel8:checkrhel9:check
#coredump#security#memory#privacy