metadata/service/system/cis/cis-1-5-1.yml - salt-formulas/linux - Gitiles

 # CIS 1.5.1 Ensure core dumps are restricted (Scored)
 #
 # Description
 # ===========
 #
 # A core dump is the memory of an executable program. It is generally used to determine
 # why a program aborted. It can also be used to glean confidential information from a core
 # file. The system provides the ability to set a soft limit for core dumps, but this can be
 # overridden by the user.
 #
 # Rationale
 # =========
 #
 # Setting a hard limit on core dumps prevents users from overriding the soft variable. If core
 # dumps are required, consider setting limits for user groups (see limits.conf(5) ). In
 # addition, setting the fs.suid_dumpable variable to 0 will prevent setuid programs from
 # dumping core.
 #
 # Audit
 # =====
 #
 # Run the following commands and verify output matches:
 #
 #   # grep "hard core" /etc/security/limits.conf /etc/security/limits.d/*
 #   * hard core 0
 #   # sysctl fs.suid_dumpable
 #   fs.suid_dumpable = 0
 #
 # Remediation
 # ===========
 #
 # Add the following line to the /etc/security/limits.conf file or a
 # /etc/security/limits.d/* file:
 #
 #   * hard core 0
 #
 # Set the following parameter in the /etc/sysctl.conf file:
 #
 #   fs.suid_dumpable = 0
 #
 # Run the following command to set the active kernel parameter:
 #
 #   # sysctl -w fs.suid_dumpable=0

 parameters:
   linux:
     system:
       limit:
         cis:
           enabled: true
           domain: '*'
           limits:
           - type: 'hard'
             item: 'core'
             value: 0
       kernel:
         sysctl:
           fs.suid_dumpable: 0
	# CIS 1.5.1 Ensure core dumps are restricted (Scored)
	#
	# Description
	# ===========
	#
	# A core dump is the memory of an executable program. It is generally used to determine
	# why a program aborted. It can also be used to glean confidential information from a core
	# file. The system provides the ability to set a soft limit for core dumps, but this can be
	# overridden by the user.
	#
	# Rationale
	# =========
	#
	# Setting a hard limit on core dumps prevents users from overriding the soft variable. If core
	# dumps are required, consider setting limits for user groups (see limits.conf(5) ). In
	# addition, setting the fs.suid_dumpable variable to 0 will prevent setuid programs from
	# dumping core.
	#
	# Audit
	# =====
	#
	# Run the following commands and verify output matches:
	#
	# # grep "hard core" /etc/security/limits.conf /etc/security/limits.d/*
	# * hard core 0
	# # sysctl fs.suid_dumpable
	# fs.suid_dumpable = 0
	#
	# Remediation
	# ===========
	#
	# Add the following line to the /etc/security/limits.conf file or a
	# /etc/security/limits.d/* file:
	#
	# * hard core 0
	#
	# Set the following parameter in the /etc/sysctl.conf file:
	#
	# fs.suid_dumpable = 0
	#
	# Run the following command to set the active kernel parameter:
	#
	# # sysctl -w fs.suid_dumpable=0

	parameters:
	linux:
	system:
	limit:
	cis:
	enabled: true
	domain: '*'
	limits:
	- type: 'hard'
	item: 'core'
	value: 0
	kernel:
	sysctl:
	fs.suid_dumpable: 0