CCE-55034-3Platform: cpe:/o:redhat:enterprise_linux:8,cpe:/o:oracle:linux:7,cpe:/o:oracle:linux:8,cpe:/o:amazon:linux:2,cpe:/o:redhat:enterprise_linux:9,cpe:/o:redhat:enterprise_linux:7,cpe:/o:centos:centos:7 | Date: (C)2024-01-08 (M)2024-04-23 |
Title:
Ensure core dump backtraces are disabled
Description:
A core dump is the memory of an executable program. It is generally used to determine
why a program aborted. It can also be used to glean confidential information from a core
file.
Rationale:
A core dump includes a memory image taken at the time the operating system terminates
an application. The memory image could contain sensitive data and is generally useful only
for developers trying to debug problems, increasing the risk to the system.
Audit:
Run the following command to verify ProcessSizeMax is set to 0 in
/etc/systemd/coredump.conf :
# grep -i '^\s*ProcessSizeMax \s*=\s*0' /etc/systemd/coredump.conf
ProcessSizeMax=0
Remediation:
Edit or add the following line in /etc/systemd/coredump.conf :
ProcessSize Max=0
Default Value:
ProcessSizeMax=2G
Parameter:
[0, none]
Technical Mechanism:
Remediation:
Edit or add the following line in /etc/systemd/coredump.conf :
ProcessSize Max=0
Default Value:
ProcessSizeMax=2G
Edit or add the following line in /etc/systemd/coredump.conf :
Storage=none
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.5 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 3.6 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:96269 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97256 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97517 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97457 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97225 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97490 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97194 |