Rule ID
SV-281311r1167083_rule
Version
V1R1
CCIs
A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.
Verify RHEL 10 disables storing core dumps. Check the status of the "kernel.core_pattern" kernel parameter with the following command: $ sudo sysctl kernel.core_pattern kernel.core_pattern = |/bin/false If "kernel.core_pattern" is not set to "|/bin/false", or a line is not returned and the need for core dumps is not documented with the information system security officer as an operational requirement, this is a finding.
Configure RHEL 10 to disable storing core dumps. Create a drop-in if it does not already exist: $ sudo vi /etc/sysctl.d/99-kernel_core_pattern.conf Add the following to the file: kernel.core_pattern = |/bin/false Reload settings from all system configuration files with the following command: $ sudo sysctl --system