RHEL 10 must disable acquiring, saving, and processing core dumps.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-281320 | RHEL-10-701180 | SV-281320r1184635_rule | CCI-002165 | medium |
| Description | ||||
| A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems. | ||||
| STIG | Date | |||
| Red Hat Enterprise Linux 10 Security Technical Implementation Guide | 2026-03-11 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
AC-3(4)
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-002165
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-281320r1184635_chk)
Note: If kernel dumps are disabled in accordance with RHEL-10-701090, this requirement is not applicable.
Verify RHEL 10 is not configured to acquire, save, or process core dumps with the following command:
$ sudo systemctl status systemd-coredump.socket
o systemd-coredump.socket
Loaded: masked (Reason: Unit systemd-coredump.socket is masked.)
Active: inactive (dead)
...
If the "systemd-coredump.socket" is loaded and not masked, and the need for core dumps is not documented with the information system security officer as an operational requirement, this is a finding.
Fix Text (F-85786r1167109_fix)
Configure RHEL 10 to disable the systemd-coredump.socket with the following command:
$ sudo systemctl mask --now systemd-coredump.socket
Created symlink /etc/systemd/system/systemd-coredump.socket -> /dev/null
Reload the daemon for this change to take effect.
$ sudo systemctl daemon-reload