ALMA-09-041050 - AlmaLinux OS 9 must restrict access to the kernel message buffer.

Information

Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a nonprivileged user.

Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069

Solution

Configure AlmaLinux OS 9 to restrict access to the kernel message buffer with the following command:

$ echo "kernel.dmesg_restrict = 1 > /etc/sysctl.d/60-dmesg.conf"

Load settings from all system configuration files with the following command:

$ sysctl --system

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CL_AlmaLinux_OS_9_V1R1_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-2, 800-53|SC-4, CAT|II, CCI|CCI-001082, CCI|CCI-001090, Rule-ID|SV-269425r1050308_rule, STIG-ID|ALMA-09-041050, Vuln-ID|V-269425

Plugin: Unix

Control ID: 2f0110a7fa6e011daeccc58c46b5a27a84b19a578451826c5e66326c71d92b77