← Rules Catalog
mediumsystemverified rollback-safe

Restrict ptrace scope

kernel-yama-ptrace · RHEL ≥ 8 · 1 impl

Description

The kernel.yama.ptrace_scope sysctl must be set to restrict which processes can use ptrace on other processes.

Rationale

ptrace can be used by attackers to inspect and modify running processes. Restricting ptrace scope limits the ability to debug or inject code into other processes.

Check → Remediate

Checksysctl_value
key:
kernel.yama.ptrace_scope
expected:
1
Remediatesysctl_set
key:
kernel.yama.ptrace_scope
value:
1

Framework references

CIS

rhel8 1.5.7rhel10 1.5.7

STIG

V-230546V-257811V-281316 / RHEL-10-701140

NIST 800-53

CM-6

Live verification

rhel10:checkrhel8:checkrhel9:check
#sysctl#ptrace#yama#security#stig