Kernel
2024-10-24
Disable core dumps in Linux
limits.conf and sysctl
Edit /etc/security/limits.conf and append the following lines:
* hard core 0
* soft core 0
Edit /etc/sysctl.d/9999-disable-core-dump.conf:
fs.suid_dumpable=0
kernel.core_pattern=|/bin/false
sudo sysctl -p /etc/sysctl.d/9999-disable-core-dump.conf
/bin/false exits with a failure status code. The default value for kernel.core_pattern is core on a Debian server and |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h on a Fedora desktop. A pattern that begins with | is a command that the kernel executes when a process crashes. In the case of /bin/false, nothing happens, and core dumps are disabled.
fs.suid_dumpable=0
Any process that has changed privilege levels or is execute only will not be dumped. Other values include:
1, which is debug mode: all processes dump core when possible. The current user owns the core dump, and no security is applied.
2, suidsafe mode, in which any Linux program that would generally not be dumped is dumped regardless, but only if the kernel.core_pattern in sysctl is set to a valid program.
systemd
sudo mkdir /etc/systemd/coredump.conf.d/
sudo nvim /etc/systemd/coredump.conf.d/custom.conf
[Coredump]
Storage=none
ProcessSizeMax=0
Storage=none and ProcessSizeMax=0 disable all coredump handling except for a log entry under systemd.
sudo systemctl daemon-reload
Edit /etc/systemd/system.conf. Make sure DefaultLimitCORE is commented out.
#DefaultLimitCORE=infinity
sudo systemctl daemon-reexec
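To confirm that every step above took effect, the settings can be audited in one pass. The function below is an added example, not part of the original post; its name and the optional ROOT argument (a directory holding a copy of the files, for testing) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the four places this page
# configures. ROOT is a hypothetical parameter: empty means the live system,
# a directory path means a constructed copy of the files (used for testing).
check_core_dump_hardening() {
    root="${1:-}"
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # 1. Runtime kernel values, i.e. what `sysctl -p` should have applied.
    v=$(cat "$root/proc/sys/fs/suid_dumpable" 2>/dev/null) || v=unreadable
    [ "$v" = "0" ] || fail "fs.suid_dumpable is '$v', expected 0"
    v=$(cat "$root/proc/sys/kernel/core_pattern" 2>/dev/null) || v=unreadable
    [ "$v" = "|/bin/false" ] || fail "kernel.core_pattern is '$v'"

    # 2. limits.conf needs both the hard and the soft limit; commented-out
    #    lines do not count because their first field is not "*".
    for kind in hard soft; do
        awk -v k="$kind" '$1 == "*" && $2 == k && $3 == "core" && $4 == "0" { ok = 1 }
            END { exit !ok }' "$root/etc/security/limits.conf" 2>/dev/null ||
            fail "limits.conf lacks '* $kind core 0'"
    done

    # 3. systemd-coredump drop-ins must carry both keys (whole-line match).
    for key in Storage=none ProcessSizeMax=0; do
        grep -qsx "[[:space:]]*$key[[:space:]]*" \
            "$root"/etc/systemd/coredump.conf.d/*.conf ||
            fail "no coredump.conf.d drop-in sets $key"
    done

    # 4. An active DefaultLimitCORE= line sets the core limit for units
    #    started by systemd; the page wants it commented out.
    if grep -qs '^[[:space:]]*DefaultLimitCORE=' "$root/etc/systemd/system.conf"; then
        fail "DefaultLimitCORE is set in system.conf"
    fi

    return "$fails"
}
```

Source the file and call check_core_dump_hardening with no argument to audit the running system; the return status is the number of failed checks, so 0 means every setting from this page is in place.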