Title: Ensure core dump backtraces are disabled Description: A core dump is the memory of an executable program. It is generally used to determine why a program aborted. It can also be used to glean confidential information from a core file. Rationale: A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems, increasing the risk to the system. Audit: Run the following command to verify ProcessSizeMax is set to 0 in /etc/systemd/coredump.conf : # grep -i '^\s*ProcessSizeMax \s*=\s*0' /etc/systemd/coredump.conf ProcessSizeMax=0 Remediation: Edit or add the following line in /etc/systemd/coredump.conf : ProcessSize Max=0 Default Value: ProcessSizeMax=2G

[0, none]

Remediation: Edit or add the following line in /etc/systemd/coredump.conf : ProcessSize Max=0 Default Value: ProcessSizeMax=2G Edit or add the following line in /etc/systemd/coredump.conf : Storage=none