Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix core dump config file creation when core dumps are disabled #182

Merged
merged 2 commits into from
Aug 23, 2018
Merged

Fix core dump config file creation when core dumps are disabled #182

merged 2 commits into from
Aug 23, 2018

Conversation

Normo
Copy link
Contributor

@Normo Normo commented Aug 3, 2018

It seems that something went wrong when PR #146 was merged to master.

When variable os_security_kernel_enable_core_dump is set to false the core dump configuration file /etc/security/limits.d/10.hardcore.conf will always be removed by the following task:

https://github.com/dev-sec/ansible-os-hardening/blob/30aa3fef3fb47c620369b617a78b0644b69e0082/tasks/limits.yml#L30

In addition, if os_security_kernel_enable_core_dump is set to true, a core dump config file will be created by mistake:
https://github.com/dev-sec/ansible-os-hardening/blob/30aa3fef3fb47c620369b617a78b0644b69e0082/tasks/limits.yml#L35

rndmh3ro
rndmh3ro requested changes Aug 14, 2018
View reviewed changes
tasks/limits.yml Outdated
@@ -32,11 +32,4 @@
path: /etc/security/limits.d/10.hardcore.conf
state: absent

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you remove this empty line, too? This way its more obvious that the condition belongs to the task above.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ DONE

@rndmh3ro
Copy link
Member

You're right, thanks for noticing!

Can you also please change the setting here from false to true? false is the default so its not making any sense here.

@rndmh3ro rndmh3ro added the bug label Aug 14, 2018
@Normo
Copy link
Contributor Author

Normo commented Aug 23, 2018

@rndmh3ro

Can you also please change the setting here from false to true? false is the default so its not making any sense here.

✅ DONE

@rndmh3ro rndmh3ro merged commit b529c37 into dev-sec:master Aug 23, 2018
@rndmh3ro
Copy link
Member

Thank you! :)

divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@rndmh3ro
Merge pull request dev-sec#182 from Normo/master
d222f60 
Fix core dump config file creation when core dumps are disabled
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rndmh3ro rndmh3ro rndmh3ro approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Normo @rndmh3ro