From 8f763e51b47489bfd80b4d58c4aa85378379f7dd Mon Sep 17 00:00:00 2001
From: Artem Sidorenko
Date: Sun, 12 Mar 2017 17:48:32 +0100
Subject: [PATCH 1/2] Properly verify the kernel dump setting

0 and 2 are the allowed options
---
 controls/sysctl_spec.rb | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/controls/sysctl_spec.rb b/controls/sysctl_spec.rb
index bd2ecaa..d96e2af 100644
--- a/controls/sysctl_spec.rb
+++ b/controls/sysctl_spec.rb
@@ -323,20 +323,11 @@ control 'sysctl-31' do
 desc 'Ensure that core dumps can never be made by setuid programs or with fully qualified path'
 
 describe kernel_parameter('fs.suid_dumpable') do
- ## those are not valid. how to?
- # its(:value) { should eq 0 or should eq 2 }
- # its(:value) { should match /[02]/ }
- # its(:value) { should match /0|2/ }
- its(:value) { should eq 2 }
+ its(:value) { should cmp(/(0|2)/) }
 end
- # unless kernel_parameter('fs.suid_dumpable') == 2
- # describe kernel_parameter('fs.suid_dumpable') do
- # its(:value) { should eq 2 }
- # end
 describe kernel_parameter('kernel.core_pattern') do
 its(:value) { should match %r{^/.*} }
 end
- # end
 end
 
 control 'sysctl-32' do
From e3df2dbb136d15a228cfd229a59688ed0b16011c Mon Sep 17 00:00:00 2001
From: Artem Sidorenko
Date: Mon, 13 Mar 2017 19:17:35 +0100
Subject: [PATCH 2/2] Verify the dump path only if dumpable is set to suidsafe

See this discussion https://github.com/dev-sec/linux-baseline/commit/790371c5fdbd3260da81d7d586834120c0c04446#commitcomment-21277650
---
 controls/sysctl_spec.rb | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/controls/sysctl_spec.rb b/controls/sysctl_spec.rb
index d96e2af..7014aab 100644
--- a/controls/sysctl_spec.rb
+++ b/controls/sysctl_spec.rb
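Review bot: The new `cmp(/(0|2)/)` on the fs.suid_dumpable line is unanchored, so any value whose string form merely contains a 0 or a 2 satisfies it; the three commented-out attempts removed just above had the same weakness. If I recall InSpec's `cmp` correctly, a Regexp argument is matched against the value converted to a string, so anchoring keeps the same mechanism while rejecting constructed values such as `20` or `12`: `its(:value) { should cmp(/\A[02]\z/) }`. The kernel documents only 0, 1 and 2 for this sysctl, so the unanchored form still excludes the insecure value 1 today, but the intent "exactly 0 or exactly 2" is clearer when stated as such. The enclosing `control 'sysctl-31'` block starts before this hunk.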
@@ -317,14 +317,22 @@ control 'sysctl-30' do
 end
 end
 
-control 'sysctl-31' do
+control 'sysctl-31a' do
 impact 1.0
- title 'Secure Core Dumps'
- desc 'Ensure that core dumps can never be made by setuid programs or with fully qualified path'
+ title 'Secure Core Dumps - dump settings'
+ desc 'Ensure that core dumps can never be made by setuid programs'
 
 describe kernel_parameter('fs.suid_dumpable') do
 its(:value) { should cmp(/(0|2)/) }
 end
+end
+
+control 'sysctl-31b' do
+ impact 1.0
+ title 'Secure Core Dumps - dump path'
+ desc 'Ensure that core dumps are done with fully qualified path'
+ only_if { kernel_parameter('fs.suid_dumpable').value == 2 }
+
 describe kernel_parameter('kernel.core_pattern') do
 its(:value) { should match %r{^/.*} }
 end
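Review bot: The `only_if` added to control sysctl-31b skips the core_pattern check whenever fs.suid_dumpable is anything other than 2, which includes the value 1 (debug mode, where setuid programs dump readable cores) — precisely the configuration in which an absolute dump path matters most, and sysctl-31a failing on 1 says nothing about the path. If the intent is to skip only the harmless case, `only_if { kernel_parameter('fs.suid_dumpable').value != 0 }` keeps the path check active for both 1 and 2; a missing or unreadable parameter (value nil) would then also run the check, which seems the safer default. Separately, the unchanged `should match %r{^/.*}` assertion now backs a control whose precondition is "suidsafe" mode, and as far as I recall the kernel accepts either an absolute path or a pipe handler in that mode, so a core_pattern of the `|/path/to/handler` form (constructed example) would fail this control despite being an accepted configuration — worth confirming before relying on it. `^` also anchors per line rather than at string start; `\A` would be the stricter anchor.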