{"description": "The <tt>systemd-coredump.socket</tt> unit is a socket activation of\nthe <tt>systemd-coredump@.service</tt> which processes core dumps.\nBy masking the unit, core dump processing is disabled.", "rationale": "A core dump includes a memory image taken at the time the operating system\nterminates an application. The memory image could contain sensitive data\nand is generally useful only for developers trying to debug problems.", "severity": "medium", "references": {"nist": ["SC-7(10)"], "ospp": ["FMT_SMF_EXT.1"], "srg": ["SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "unit systemd-coredump.socket is not masked or running", "ocil": "To verify that acquiring, saving, and processing core dumps is disabled, run the\nfollowing command:\n<pre>$ systemctl status systemd-coredump.socket</pre>\nThe output should be similar to:\n<pre>\u25cf systemd-coredump.socket\n   Loaded: masked (Reason: Unit systemd-coredump.socket is masked.)\n   Active: inactive (dead) ...\n</pre>", "oval_external_content": null, "fixtext": "To disable the systemd-coredump service run the following command:\n$ sudo systemctl disable --now systemd-coredump\n$ sudo systemctl mask --now systemd-coredump", "checktext": "", "vuldiscussion": "", "srg_requirement": "The Ubuntu 22.04 service systemd-coredump must be disabled.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must disable acquiring, saving, and processing core dumps.", "vuldiscussion": "A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.", "checktext": "Verify Ubuntu 22.04 is not configured to acquire, save, or process core dumps with the following command:\n\n$ sudo systemctl status systemd-coredump.socket\n\nsystemd-coredump.socket\nLoaded: masked (Reason: Unit systemd-coredump.socket is masked.)\nActive: inactive (dead)\n\nIf the \"systemd-coredump.socket\" is loaded and not masked and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.", "fixtext": "Configure the system to disable the systemd-coredump.socket with the following command:\n\n$ sudo systemctl mask --now systemd-coredump.socket\n\nCreated symlink /etc/systemd/system/systemd-coredump.socket -&gt; /dev/null\n\nReload the daemon for this change to take effect.\n\n$ sudo systemctl daemon-reload"}}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "service_systemd-coredump_disabled.sh", "relative_path": "ubuntu2204/checks/sce/service_systemd-coredump_disabled.sh"}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Disable acquiring, saving, and processing core dumps", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml", "template": {"name": "socket_disabled", "vars": {"socketname": "systemd-coredump", "packagename": "systemd-udev"}, "backends": {}}}