Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kernel.yama.ptrace_scope default #265

Open
1 of 2 tasks
jukuisma opened this issue Dec 10, 2024 · 1 comment
Open
1 of 2 tasks

kernel.yama.ptrace_scope default #265

jukuisma opened this issue Dec 10, 2024 · 1 comment
Assignees
@uk-bolly
Labels
enhancement New feature or request

Comments

@jukuisma
Copy link

Feature Request or Enhancement

  • Feature
  • Enhancement

Summary of Request

Can't find any mentions of yama nor ptrace in source code or docs. System seems to use RHEL default:

$ sysctl kernel.yama.ptrace_scope
kernel.yama.ptrace_scope = 0

even after hardening. Seems super lax to me, but I guess it can also be argued that this is just a baseline. Any thoughts?

https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html

Cheers, Juho
@jukuisma jukuisma added the enhancement New feature or request label Dec 10, 2024
@uk-bolly uk-bolly self-assigned this Dec 17, 2024
@uk-bolly
Copy link
Member

hi @jukuisma

This is actually part of the v2.0.0 CIS benchmark, which is due to be released in the next couple of weeks.

Many thanks

uk-bolly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@uk-bolly uk-bolly

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jukuisma @uk-bolly