mediumsystemverified ✓rollback-safe
Restrict ptrace scope
kernel-yama-ptrace · RHEL ≥ 8 · 1 impl
Description
The kernel.yama.ptrace_scope sysctl must be set to restrict which processes can use ptrace on other processes.
Rationale
ptrace can be used by attackers to inspect and modify running processes. Restricting ptrace scope limits the ability to debug or inject code into other processes.
Check → Remediate
Checksysctl_value
- key:
- kernel.yama.ptrace_scope
- expected:
- 1
Remediatesysctl_set
- key:
- kernel.yama.ptrace_scope
- value:
- 1
Framework references
CIS
rhel8 1.5.7rhel10 1.5.7
STIG
V-230546V-257811V-281316 / RHEL-10-701140
NIST 800-53
CM-6
Live verification
rhel10:checkrhel8:checkrhel9:check
#sysctl#ptrace#yama#security#stig