TOSS 5 must disable the kernel.core_pattern.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-282622 | TOSS-05-000033 | SV-282622r1201309_rule | CCI-000366 | medium |
| Description | ||||
| A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems. | ||||
| STIG | Date | |||
| Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide | 2026-04-01 | |||
Details
Check Text (C-282622r1201309_chk)
Verify TOSS 5 disables storing core dumps with the following commands:
$ sudo sysctl kernel.core_pattern
kernel.core_pattern = |/bin/false
If the returned line does not have a value of "|/bin/false", or a line is not returned and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
Fix Text (F-87088r1201308_fix)
Configure TOSS 5 to disable storing core dumps.
Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
kernel.core_pattern = |/bin/false
Reload the system configuration files for the changes to take effect.
$ sudo sysctl --system