-
Notifications
You must be signed in to change notification settings - Fork 191
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Properly verify the kernel dump setting #52
Conversation
0 and 2 are the allowed options
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me @artem-sidorenko
@chris-rock I fixed the second dump test here, can you please have a look? |
0677c2d
to
8f586ca
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks like a very good solution to me @artem-sidorenko I would like to have @atomic111 review it as well, just to be sure I have not missed anything. LGTM after the end
is fixed
controls/sysctl_spec.rb
Outdated
impact 1.0 | ||
title 'Secure Core Dumps - dump path' | ||
desc 'Ensure that core dumps are done with fully qualified path' | ||
only_if { kernel_parameter('fs.suid_dumpable').value == 2 } | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is one end
too much
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks, fixed
8f586ca
to
e3df2db
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@artem-sidorenko thanks for the improvement. if someone wants to have more information http://man7.org/linux/man-pages/man5/core.5.html
See dev-sec/linux-baseline#52 for more details
See dev-sec/linux-baseline#52 for more details
See dev-sec/linux-baseline#52 for more details
See dev-sec/linux-baseline#52 for more details
0 and 2 are the allowed options