Home / ubuntu / Questions / 873022
In Process
EdiD
Asked: 2017-01-18 09:49:18 +0800 CST

How can I completely prevent core dumps?

  • 772

Every few shutdowns a core dump file is created on /. How can I prevent creating core dumps completely?

gdb --core=/core output:

Core was generated by /usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -noliste'.
Program terminated with signal SIGSEGV, Segmentation fault.

I added these parameters to my configuration files:

to /etc/security/limits.conf: 

* hard core 0
root hard core 0

to /etc/sysctl.d/60-own.conf: 

fs.suid_dumpable=0`

to /etc/systemd/system.conf: 

DumpCore=no

Core dump files still exist (in 16.04.1).

kernel

1 Answers

  1. Setting fs.suid_dumpable = 0 will be overridden by apport everytime apport starts.

    Similar to how ufw interferes with my efforts to follow hardening instructions apport also interferes here. This is how I found out:

    $ grep -R fs.suid_dumpable /etc/ 2>/dev/null 
/etc/rc5.d/K01apport:   echo 2 > /proc/sys/fs/suid_dumpable
…
/etc/rc4.d/K01apport:   echo 0 > /proc/sys/fs/suid_dumpable
/etc/lynis/default.prf:config-data=sysctl;fs.suid_dumpable;0;1;Restrict core dumps;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
/etc/init.d/apport: echo 2 > /proc/sys/fs/suid_dumpable
/etc/init.d/apport: echo 0 > /proc/sys/fs/suid_dumpable

    So to prevent core dumps and keep fs.suid_dumpable at 0 you have to disable apport:

    sudo systemctl disable apport.service
    • 1