RHEL 9 must disable access to network bpf system call from nonprivileged processes.

An XCCDF Rule

Details
Profiles

Description

Loading and accessing the packet filters programs and maps using the bpf() system call has the potential of revealing sensitive information about the kernel state. Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227

ID: SV-257810r1044869_rule
Version: RHEL-09-213075
Severity: Medium
References: CCI-001082
Updated: about 2 months ago

Remediation Templates

Configure the currently loaded kernel parameter to the secure setting:

$ sudo sysctl -w kernel.unprivileged_bpf_disabled=1

Configure RHEL 9 to prevent privilege escalation through the kernel by disabling access to the bpf syscall by adding the following line to a file in the "/etc/sysctl.d" directory:
kernel.unprivileged_bpf_disabled = 1

The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:

$ sysctl --system

RHEL 9 must disable access to network bpf system call from nonprivileged processes.

Description

Remediation Templates

A Manual Procedure