Set the suid_dumpable to the safe value of 2

See dev-sec/linux-baseline#52 for more details

Author: artem-sidorenko

recipes/sysctl.rb

@@ -105,7 +105,7 @@
 # Prevent core dumps with SUID. These are usually only needed by developers and
 # may contain sensitive information.
 node.default['sysctl']['params']['fs']['suid_dumpable'] =
-  node['os-hardening']['security']['kernel']['enable_core_dump'] ? 1 : 0
+  node['os-hardening']['security']['kernel']['enable_core_dump'] ? 2 : 0
 
 # include sysctl recipe and set /etc/sysctl.d/99-chef-attributes.conf
 include_recipe 'sysctl::apply'

spec/recipes/sysctl_spec.rb

@@ -351,7 +351,7 @@
         let(:enable_core_dump) { true }
 
         it 'should set suid_dumpable to safe value' do
-          is_expected.to eq(1)
+          is_expected.to eq(2)
         end
       end