--- - block: - name: create limits.d-directory if it does not exist | sysctl-31a, sysctl-31b file: path: '/etc/security/limits.d' owner: 'root' group: 'root' mode: '0755' state: 'directory' - name: create additional limits config file -> 10.hardcore.conf | sysctl-31a, sysctl-31b pam_limits: dest: '/etc/security/limits.d/10.hardcore.conf' domain: '*' limit_type: hard limit_item: core value: '0' comment: Prevent core dumps for all users. These are usually not needed and may contain sensitive information - name: set 10.hardcore.conf perms to 0400 and root ownership file: path: /etc/security/limits.d/10.hardcore.conf owner: 'root' group: 'root' mode: '0440' state: touch modification_time: preserve access_time: preserve when: not os_security_kernel_enable_core_dump | bool - name: remove 10.hardcore.conf config file file: path: /etc/security/limits.d/10.hardcore.conf state: absent when: os_security_kernel_enable_core_dump | bool