Bug
Resolution: Won't Do
rhel-9.3.0
Normal
sst_security_compliance
ssg_security
Red Hat Enterprise Linux
What were you trying to do that didn't work?
When selecting the OSPP profile ("Protection Profile for General Purpose Operating Systems (144)"), the xccdf_org.ssgproject.content_rule_sysctl_kernel_core_pattern_empty_string rule gets selected, while when selecting the STIG profile ("DISA Stig for Red Hat Enterprise Linux 9 (493)"), the xccdf_org.ssgproject.content_rule_sysctl_kernel_core_pattern rule gets selected.
Questions:
- Why do we have two different implementations for the same functionality? (functionality being disabling core dumps)
- Can we deprecate xccdf_org.ssgproject.content_rule_sysctl_kernel_core_pattern_empty_string implementation because that rule is not robust?
It's not robust because, as the core(5) manpage states, just having kernel.core_pattern= will still generate core dumps if kernel.core_uses_pid is set to 1 (which is the default):

• /proc/sys/kernel/core_pattern is empty and /proc/sys/kernel/core_uses_pid contains the value 0. (These files are described below.) Note that if /proc/sys/kernel/core_pattern is empty and /proc/sys/kernel/core_uses_pid contains the value 1, core dump files will have names of the form .pid, and such files are hidden unless one uses the ls(1) -a option.
Please provide the package NVR for which bug is seen:
scap-security-guide-0.1.69
How reproducible:
N/A
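
The core(5) interaction quoted in the report, as an added example that is not part of the original report or of scap-security-guide: a shell check that takes a kernel.core_pattern / kernel.core_uses_pid pair and reports what the kernel does with core dumps. The function names and the sample drop-in content are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify core dump behaviour per core(5) for a given
# kernel.core_pattern / kernel.core_uses_pid pair.

# classify_core_dumps PATTERN USES_PID -> prints one word
classify_core_dumps() {
    _p=$1
    _u=$2
    case $_p in
        '')
            # Empty pattern only suppresses dumps when core_uses_pid is 0;
            # otherwise a hidden file named after the PID is written.
            if [ "$_u" = "0" ]; then echo disabled; else echo hidden-pid-file; fi
            ;;
        '|'*) echo piped ;;   # dump is piped to the named program
        *)    echo file ;;    # dump is written using the pattern as file name
    esac
}

# sysctl_value KEY : read sysctl.d-style text on stdin and print the value
# of the last assignment to KEY; exit status 1 if KEY is never assigned.
sysctl_value() {
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }
        index($0, "=") > 0 {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                val = v; found = 1
            }
        }
        END { if (found) print val; else exit 1 }'
}

# Constructed sample drop-in (not taken from the report): empty pattern
# combined with core_uses_pid=1, the combination the report warns about.
SAMPLE_CONF='# constructed sample
kernel.core_pattern=
kernel.core_uses_pid = 1'

pattern=$(printf '%s\n' "$SAMPLE_CONF" | sysctl_value kernel.core_pattern)
uses_pid=$(printf '%s\n' "$SAMPLE_CONF" | sysctl_value kernel.core_uses_pid)
echo "sample config: $(classify_core_dumps "$pattern" "$uses_pid")"
```

On a live host the same classification can be applied to the contents of /proc/sys/kernel/core_pattern and /proc/sys/kernel/core_uses_pid.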