lowsystemverified ✓rollback-safe
Restrict access to kernel message buffer
kernel-dmesg-restrict · UBUNTU ≥ 22, RHEL ≥ 8 · 1 impl
Description
The kernel.dmesg_restrict sysctl must be set to prevent unprivileged users from reading the kernel message buffer.
Rationale
The kernel message buffer (dmesg) may contain sensitive information about system configuration and potential vulnerabilities. Restricting access prevents information leakage.
Check → Remediate
Checksysctl_value
- key:
- kernel.dmesg_restrict
- expected:
- 1
Remediatesysctl_set
- key:
- kernel.dmesg_restrict
- value:
- 1
Framework references
CIS
rhel8 1.5.5rhel10 1.5.5
STIG
V-230269V-257797V-270749 / UBTU-24-600140V-260472 / UBTU-22-213010V-281305 / RHEL-10-701030
NIST 800-53
SI-11
Live verification
rhel10:checkrhel8:checkrhel9:checkubuntu22:checkubuntu24:checkubuntu26:check
#sysctl#dmesg#kernel#privacy#stig