OL 9 must disable acquiring, saving, and processing core dumps.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-271732 | SRG-OS-000480-GPOS-00227 | OL09-00-002384 | SV-271732r1091908_rule | 2025-05-08 | 1 |
| Description |
|---|
| A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems. |
| ℹ️ Check |
|---|
| Verify that OL 9 is not configured to acquire, save, or process core dumps with the following command: $ systemctl status systemd-coredump.socket systemd-coredump.socket Loaded: masked (Reason: Unit systemd-coredump.socket is masked.) Active: inactive (dead) If the "systemd-coredump.socket" is loaded and not masked and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding. |
| ✔️ Fix |
|---|
| Configure the system to disable the systemd-coredump.socket with the following command: $ sudo systemctl mask --now systemd-coredump.socket Created symlink /etc/systemd/system/systemd-coredump.socket -> /dev/null Reload the daemon for this change to take effect. $ sudo systemctl daemon-reload |