{"description": "To set the runtime status of the <code>kernel.core_pattern</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w 'kernel.core_pattern=|/bin/false'</pre>\nTo make sure that the setting is persistent, add the following line to a file in the directory <tt>/etc/sysctl.d</tt>: <pre>kernel.core_pattern = |/bin/false</pre>", "rationale": "A core dump includes a memory image taken at the time the operating system\nterminates an application. The memory image could contain sensitive data and is generally useful\nonly for developers trying to debug problems.", "severity": "medium", "references": {"nist": ["SC-7(10)"], "srg": ["SRG-OS-000480-GPOS-00227"], "pcidss4": ["3.3.1.1", "3.3.1", "3.3"]}, "control_references": {"pcidss4": ["3.3.1.1", "3.3.1", "3.3"]}, "components": [], "identifiers": {}, "ocil_clause": "the returned line does not have a value of \"|/bin/false\", or a line is not\nreturned and the need for core dumps is not documented with the Information\nSystem Security Officer (ISSO) as an operational requirement", "ocil": "The runtime status of the <code>kernel.core_pattern</code> kernel parameter can be queried\nby running the following command:\n<pre>$ sysctl kernel.core_pattern</pre>\n<code>|/bin/false</code>.\n", "oval_external_content": null, "fixtext": "Configure Ubuntu 22.04 to disable storing core dumps.\nAdd or edit the following line in a system configuration file in the \"/etc/sysctl.d/\" directory:\nkernel.core_pattern = |/bin/false\n\nLoad settings from all system configuration files with the following command:\n\n$ sudo sysctl --system", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must disable the kernel.core_pattern.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must disable the kernel.core_pattern.", "vuldiscussion": "A core dump includes a memory image taken at the time the operating system terminates an 
application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.", "checktext": "Verify Ubuntu 22.04 disables storing core dumps with the following commands:\n\n$ sudo sysctl kernel.core_pattern\n\nkernel.core_pattern = |/bin/false\n\nIf the returned line does not have a value of \"|/bin/false\", or a line is not returned and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.\n\nCheck that the configuration files are present to disable core dump storage.\n\n$ sudo /usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F kernel.core_pattern | tail -1\n\nkernel.core_pattern = |/bin/false\n\nIf \"kernel.core_pattern\" is not set to \"|/bin/false\" and is not documented with the ISSO as an operational requirement, or is missing, this is a finding.", "fixtext": "Configure Ubuntu 22.04 to disable storing core dumps.\n\nAdd or edit the following line in a system configuration file, in the \"/etc/sysctl.d/\" directory:\n\nkernel.core_pattern = |/bin/false\n\nThe system configuration files need to be reloaded for the changes to take effect. 
To reload the contents of the files, run the following command:\n\n$ sudo sysctl --system"}}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "sysctl_kernel_core_pattern.sh", "relative_path": "ubuntu2204/checks/sce/sysctl_kernel_core_pattern.sh"}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable storing core dumps", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml", "template": {"name": "sysctl", "vars": {"sysctlvar": "kernel.core_pattern", "sysctlval": "|/bin/false", "datatype": "string"}, "backends": {}}}