Title

SLEM 5 must restrict access to the kernel message buffer. (Cat II impact)

Discussion

Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a nonprivileged user.

Check Content

Verify SLEM 5 is configured to restrict access to the kernel message buffer with the following commands: > sudo sysctl kernel.dmesg_restrict kernel.dmesg_restrict = 1 If "kernel.dmesg_restrict" is not set to "1" or is missing, this is a finding. Check that the configuration files are present to enable this kernel parameter: > sudo grep -r kernel.dmesg_restrict /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2> /dev/null /etc/sysctl.conf:kernel.dmesg_restrict = 1 /etc/sysctl.d/99-sysctl.conf:kernel.dmesg_restrict = 1 If "kernel.dmesg_restrict" is not set to "1", is missing or commented out, this is a finding. If conflicting results are returned, this is a finding.

Fix Text

Configure SLEM 5 to restrict access to the kernel message buffer. Set the system to the required kernel parameter by adding or modifying the following line in /etc/sysctl.conf or a config file in the /etc/sysctl.d/ directory: kernel.dmesg_restrict = 1 Remove any configurations that conflict with the above from the following locations: /run/sysctl.d/ /etc/sysctl.d/ /usr/local/lib/sysctl.d/ /usr/lib/sysctl.d/ /lib/sysctl.d/ /etc/sysctl.conf Reload settings from all system configuration files with the following command: $ sudo sysctl --system

Additional Identifiers

Rule ID: SV-261269r996301_rule

Vulnerability ID: V-261269

Group Title: SRG-OS-000138-GPOS-00069

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.