ALMA-09-040940 - AlmaLinux OS 9 must restrict usage of ptrace to descendant processes.

Information

Unrestricted usage of ptrace allows compromised binaries to run ptrace on other processes of the user. Like this, the attacker can steal sensitive information from the target processes (e.g. SSH sessions, web browser etc.) without any additional assistance from the user (i.e. without resorting to phishing).

Solution

Configure AlmaLinux OS 9 to restrict usage of ptrace to with the following command:

$ echo "kernel.yama.ptrace_scope = 1" > /etc/sysctl.d/60-ptrace.conf

Load settings from all system configuration files with the following command:

$ sysctl --system

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CL_AlmaLinux_OS_9_V1R1_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-2, CAT|II, CCI|CCI-001082, Rule-ID|SV-269424r1050307_rule, STIG-ID|ALMA-09-040940, Vuln-ID|V-269424

Plugin: Unix

Control ID: 26b807bf469e5bdbd0c7675aebb1606585b1fb38ec71073372a74842d871bf92