CISS.debian.live.builder/config/hooks/live/9940_hardening_memory.dump.chroot

#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
set -C -e -u -o pipefail

printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
# sleep 1

cp -u /etc/security/limits.conf /root/.ciss/dlb/backup/limits.conf.bak
chmod 0644 /root/.ciss/dlb/backup/limits.conf.bak
sed -i "/#*               soft    core            0/ i\*               soft    core            0" /etc/security/limits.conf
sed -i "/#root            hard    core            100000/ i\*               hard    core            0" /etc/security/limits.conf

if [[ ! -d /etc/systemd/coredump.conf.d ]]; then
  mkdir -p /etc/systemd/coredump.conf.d
fi

touch /etc/systemd/coredump.conf.d/disable.conf
chmod 0644 /etc/systemd/coredump.conf.d/disable.conf
cat << EOF >| /etc/systemd/coredump.conf.d/disable.conf
[Coredump]
Storage=none
EOF

printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
# sleep 1

exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh