Thursday, May 17, 2012

Linux Disable Core Dumps

Only software developers legitimately need to access core files and none of my production web server requires a core dump. How do I disable core dumps on Debian / CentOS / RHEL / Fedora Linux to save large amounts of disk space?

A core dump file is the memory image of an executable program when it was terminated by the operating system due to various error behavior.

Disable Core Dumps

To disable core dumps for all users, open /etc/security/limits.conf, enter:
# vi /etc/security/limits.conf
Make sure the following config directive exists:
* hard core 0
Save and close the file. Once a hard limit is set in /etc/security/limits.conf, the user cannot increase that limit within his own session. Add fs.suid_dumpable = 0 to /etc/sysctl.conf file:
# echo 'fs.suid_dumpable = 0' >> /etc/sysctl.conf
# sysctl -p
This will make sure that core dumps can never be made by setuid programs. Finally, add the following to /etc/profile to set a soft limit to stop the creation of core dump files for all users (which is default and must be disabled):
# echo 'ulimit -S -c 0 > /dev/null 2>&1' >> /etc/profile
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)