AlmaLinux OS 9 must restrict usage of ptrace to descendant processes.
An XCCDF Rule
Description
Unrestricted usage of ptrace allows compromised binaries to run ptrace on other processes of the user. Like this, the attacker can steal sensitive information from the target processes (e.g. SSH sessions, web browser etc.) without any additional assistance from the user (i.e. without resorting to phishing).
- ID
- SV-269424r1050307_rule
- Version
- ALMA-09-040940
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure AlmaLinux OS 9 to restrict usage of ptrace to with the following command:
$ echo "kernel.yama.ptrace_scope = 1" > /etc/sysctl.d/60-ptrace.conf
Load settings from all system configuration files with the following command:
$ sysctl --system