← Rules Catalog
mediumsystemverified rollback-safe

Ensure core dump storage is disabled

coredump-storage-disabled · RHEL ≥ 8 · 1 impl

Description

Core dumps should not be stored to prevent potential exposure of sensitive data from application memory. The systemd-coredump service should be configured to not store core dumps.

Rationale

Core dumps can contain sensitive information from application memory including passwords, encryption keys, and other confidential data. Disabling storage prevents this data from being written to disk where it could be accessed.

Check → Remediate

Checkcommand
systemd-analyze cat-config systemd/coredump.conf 2>/dev/null | grep -E '^Storage=' | tail -1 | grep -q '^Storage=none$'
expected_exit:
0
Remediateconfig_set_dropin
dir:
/etc/systemd/coredump.conf.d
file:
00-kensa-coredump.conf
key:
Storage
value:
none
section:
[Coredump]

Framework references

CIS

rhel9 1.5.4rhel8 1.5.10rhel10 1.5.10

STIG

V-281318 / RHEL-10-701160V-257813 / RHEL-09-213090V-230314 / RHEL-08-010674

NIST 800-53

SC-4

Live verification

rhel8:checkrhel9:check
#coredump#security#memory#privacy