RHEL 10 must disable acquiring, saving, and processing core dumps.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-281320 | RHEL-10-701180 | SV-281320r1184635_rule | CCI-002165 | medium |
| Description | ||||
| A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems. | ||||
| STIG | Date | |||
| Red Hat Enterprise Linux 10 Security Technical Implementation Guide | 2026-03-11 | |||
Details
Check Text (C-281320r1184635_chk)
Note: If kernel dumps are disabled in accordance with RHEL-10-701090, this requirement is not applicable.
Verify RHEL 10 is not configured to acquire, save, or process core dumps with the following command:
$ sudo systemctl status systemd-coredump.socket
o systemd-coredump.socket
Loaded: masked (Reason: Unit systemd-coredump.socket is masked.)
Active: inactive (dead)
...
If the "systemd-coredump.socket" is loaded and not masked, and the need for core dumps is not documented with the information system security officer as an operational requirement, this is a finding.
Fix Text (F-85786r1167109_fix)
Configure RHEL 10 to disable the systemd-coredump.socket with the following command:
$ sudo systemctl mask --now systemd-coredump.socket
Created symlink /etc/systemd/system/systemd-coredump.socket -> /dev/null
Reload the daemon for this change to take effect.
$ sudo systemctl daemon-reload