Skip to content

acrion/ditana-config-coredumps

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.SRCINFO
.SRCINFO
 
 
.gitignore
.gitignore
 
 
50-ditana-limits.conf
50-ditana-limits.conf
 
 
50-ditana.conf
50-ditana.conf
 
 
LICENSE
LICENSE
 
 
PKGBUILD
PKGBUILD
 
 
README.md
README.md
 
 

Repository files navigation

Ditana Core Dump Configuration

The ditana-config-coredumps package is included by default in the Ditana GNU/Linux distribution. It serves to disable core dumps, thereby mitigating the risk of exposing sensitive information in multi-user environments or in the event of a system compromise. Users have the flexibility to enable or disable this package during installation or at runtime. Changes take effect after a system reboot.

Features

  • Default Behavior: Core dumps are disabled to enhance system security.
  • User Control: Users can opt-out during installation or toggle the package at runtime via the package manager. A system reboot is required for changes to take effect.
  • Selective Activation: Core dumps can be temporarily enabled for specific services or user sessions when necessary.

Implementation Details

Core dumps are restricted through two distinct mechanisms:

1. Systemd Services

Core dumps for systemd-managed services are controlled via the configuration file:

/etc/systemd/system.conf.d/50-ditana-limits.conf

This file sets the DefaultLimitCORE parameter to 0, effectively disabling core dumps for all services by default.

To Enable Core Dumps for a Specific Service:

  1. Create an override configuration for the desired service:

    sudo systemctl edit <service-name>

  2. In the editor that opens, add the following lines:

    [Service]
LimitCORE=infinity

  3. Save and exit the editor.

  4. Reload the systemd configuration:

    sudo systemctl daemon-reload

This will allow core dumps for the specified service until the override is removed.

2. Non-Systemd Contexts

For non-systemd environments, core dumps are managed via the configuration file:

/etc/security/limits.d/50-ditana.conf

This file sets a soft limit of 0 for core dumps, preventing their creation in regular user sessions.

To Enable Core Dumps for a User Session:

Execute the following command in the active shell session:

ulimit -c unlimited

This lifts the restriction for the current session, allowing core dumps to be generated as needed for debugging purposes.

Installation and Removal

The ditana-config-coredumps package can be managed through the Ditana package repository. Users can install or uninstall the package at any time using the package manager. A system reboot is required after installation or removal to apply the changes.

About

Deactivate coredumps (temporary activation is possible)

ditana.org

Topics

pam systemd coredumps ditana

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Languages