@test "Verify ProcessSizeMax in /etc/systemd/coredump.conf" {
# The line must be active (not commented out) and set to exactly 0.
run bash -c "grep '^ProcessSizeMax=0$' /etc/systemd/coredump.conf"
[ "$status" -eq 0 ]
}
Verify ProcessSizeMax in /etc/systemd/coredump.conf
Description
The ProcessSizeMax setting sets the maximum size in bytes of a core which will be processed. Core dumps exceeding this size may be stored, but the backtrace will not be generated.
Setting Storage=none and ProcessSizeMax=0 disables all coredump handling except for a log entry.
Rationale
Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition.
Audit
Remediation
shell
sed -i 's/^#ProcessSizeMax=.*/ProcessSizeMax=0/' "/etc/systemd/coredump.conf"
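The sed above only rewrites the commented default line (`#ProcessSizeMax=...`); it leaves an uncommented non-zero value untouched and adds nothing if the key is absent, so the audit grep would still fail. The following is an added example, not part of this check or of systemd, showing a remediation that handles all three states and then runs the same grep the audit uses. The file path is a parameter so it can be exercised on a constructed copy instead of the live /etc/systemd/coredump.conf; the choice to create a [Coredump] header when none exists is an assumption of this example.

```shell
#!/bin/sh
# Added example (not the page's own remediation): idempotently force
# ProcessSizeMax=0 in a coredump.conf-style file and verify it.

# Rewrite or add the ProcessSizeMax key so exactly "ProcessSizeMax=0" is active.
set_process_size_max_zero() {
    conf="$1"
    if grep -q '^#\{0,1\}[[:space:]]*ProcessSizeMax=' "$conf"; then
        # Existing line, commented or not, any value: replace it in place.
        sed -i 's/^#\{0,1\}[[:space:]]*ProcessSizeMax=.*/ProcessSizeMax=0/' "$conf"
    else
        # Key absent: make sure the file ends with a newline before appending.
        if [ -n "$(tail -c1 "$conf")" ]; then
            echo >> "$conf"
        fi
        # Assumption: add a [Coredump] section header if the file has none,
        # since systemd keys must sit under a section.
        if ! grep -q '^\[Coredump\]' "$conf"; then
            printf '[Coredump]\n' >> "$conf"
        fi
        printf 'ProcessSizeMax=0\n' >> "$conf"
    fi
}

# Same check the bats audit runs: an active line equal to exactly 0.
verify_process_size_max() {
    grep -q '^ProcessSizeMax=0$' "$1"
}

# Stand-alone demonstration on a constructed sample file (not a real system file).
demo_tmp=$(mktemp)
printf '[Coredump]\n#Storage=external\nProcessSizeMax=2G\n' > "$demo_tmp"
set_process_size_max_zero "$demo_tmp"
if verify_process_size_max "$demo_tmp"; then
    echo "remediated: $(grep '^ProcessSizeMax=' "$demo_tmp")"
else
    echo "remediation failed"
fi
rm -f "$demo_tmp"
```

Running the function twice on the same file leaves a single `ProcessSizeMax=0` line, so it is safe to re-run from a configuration-management loop; the verify step should also be re-run after `systemctl daemon-reload`, since systemd-coredump reads the file at dump time rather than caching it.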