5.4.3. HOWTO Enable Core Dumps¶
SIMP disables system core dump capabilities by default for improved system security.
At times, users may need to re-enable core dumps for system troubleshooting.
5.4.3.1. Enabling Core Dumps at the System Level¶
Overall system core dumps can be enabled by setting the following in Hiera:
---
# Enable system core dumps
simp::sysctl::core_dumps: true
# Set the core dump output directory
simp::sysctl::core_dump_dir: /fully/qualified/path
This will also disable enforcement of core dump restrictions in PAM.
5.4.3.2. Preventing Core Dumps via PAM¶
If you decide to enable core dumps, you may want to still restrict them for users on your system.
To do this, you will need to add the following type of puppet code.
pam::limits::rule { 'prevent_core_dumps_all':
# Add to all PAM domains
domains => ['*'],
# Set both hard and soft limits
type => 'hard',
# Affect core dumps
item => 'core',
# Set to '0'
value => 0,
# Set at 99 in the order list (first match wins)
order => 99
}
Now, if you want to enable core dumps for the root user, you will want to add the following as well:
pam::limits::rule { 'allow_root_core_dump':
domains => ['root'],
type => 'hard',
item => 'core',
value => 1,
order => 10
}