Only software developers legitimately need to access core files and none of my production web server requires a core dump. How do I disable core dumps on Debian / CentOS / RHEL / Fedora Linux to save large amounts of disk space?
A core dump file is the memory image of an executable program when it was terminated by the operating system due to various error behavior.
Disable Core Dumps
To disable core dumps for all users, open /etc/security/limits.conf, enter:
# vi /etc/security/limits.conf
Make sure the following config directive exists:
* hard core 0
Save and close the file. Once a hard limit is set in /etc/security/limits.conf, the user cannot increase that limit within his own session. Add fs.suid_dumpable = 0 to /etc/sysctl.conf file:
# echo 'fs.suid_dumpable = 0' >> /etc/sysctl.conf
# sysctl -p
This will make sure that core dumps can never be made by setuid programs. Finally, add the following to /etc/profile to set a soft limit to stop the creation of core dump files for all users (which is default and must be disabled):
# echo 'ulimit -S -c 0 > /dev/null 2>&1' >> /etc/profile
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 5 comments… read them below or add one }
Hmmz,
as far as I can remember in 2.6.X cores are disabled by default?
No? At least I haven’t got any cores for many years.
in fbsd you can disable them:
sysctl kern.coredump=0
I believe that the proper way is to have signal handling.
This wauy you can report the problems and avoid core.
Letting the system crash and ignoring cores will probably prevent fixing the problems.
on SLES : ‘kernel.suid_dumpable = 0′
Hi,
I know this is very old, but I thought I’d comment here for those who may see this thread in the future; On production servers, it is still good security practice to keep core dumps turned on. Someone attempted to exploit a service may cause a core dump (if they get something wrong), and this core can then be investigated to see whether this is the case.
Thank you!
HS