{"description": "The kernel.core_pattern option specifies the core dumpfile pattern\nname. It can be set to an empty string. In this case, the kernel\nbehaves differently based on another related option. If\nkernel.core_uses_pid is set to 1, then a file named as\n.PID (where PID is process ID of the crashed process) is\ncreated in the working directory. If kernel.core_uses_pid is set to\n0, no coredump is saved.\nTo set the runtime status of the kernel.core_pattern kernel parameter,\nrun the following command:\n$ sudo sysctl -w kernel.core_pattern=
\n\nTo make sure that the setting is persistent,\nadd the following line to a file in the directory /etc/sysctl.d:\nkernel.core_pattern =
", "rationale": "A core dump includes a memory image taken at the time the operating system\nterminates an application. The memory image could contain sensitive data and is generally useful\nonly for developers trying to debug problems.", "severity": "medium", "references": {"ospp": ["FMT_SMF_EXT.1"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the returned line does not have an empty string", "ocil": "The runtime status of the kernel.core_pattern kernel parameter can be queried\nby running the following command:\n$ sysctl kernel.core_pattern | cat -A
\nkernel.core_pattern = $\n", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": ["sysctl_kernel_core_pattern"], "requires": ["sysctl_kernel_core_uses_pid"], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable storing core dumps", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/rule.yml", "template": null}