Fix the reason for the 'kernel.yama.ptrace_scope' check

author Alexander Popov <alex.popov@linux.com>

Wed, 18 Oct 2023 07:30:36 +0000 (10:30 +0300)

committer Alexander Popov <alex.popov@linux.com>

Wed, 18 Oct 2023 07:30:36 +0000 (10:30 +0300)
author Alexander Popov <alex.popov@linux.com>
Wed, 18 Oct 2023 07:30:36 +0000 (10:30 +0300)
committer Alexander Popov <alex.popov@linux.com>
Wed, 18 Oct 2023 07:30:36 +0000 (10:30 +0300)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py

index d1c83db483e553e7c62bd3827ca8c5a660bb3045..96da656bf14ad4368a0f7fcd0996a7961606dfc3 100644 (file)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -604,7 +604,6 @@ def add_sysctl_checks(l, arch):
      l += [SysctlCheck('cut_attack_surface', 'kspp', 'dev.tty.ldisc_autoload', '0')]
      l += [SysctlCheck('cut_attack_surface', 'kspp', 'kernel.unprivileged_bpf_disabled', '1')]
      l += [SysctlCheck('cut_attack_surface', 'kspp', 'kernel.kptr_restrict', '2')]
-    l += [SysctlCheck('cut_attack_surface', 'kspp', 'kernel.yama.ptrace_scope', '3')]
      l += [SysctlCheck('cut_attack_surface', 'kspp', 'dev.tty.legacy_tiocsti', '0')]
      l += [SysctlCheck('cut_attack_surface', 'kspp', 'vm.unprivileged_userfaultfd', '0')]
            # At first, it disabled unprivileged userfaultfd,
@@ -616,3 +615,4 @@ def add_sysctl_checks(l, arch):
      l += [SysctlCheck('harden_userspace', 'kspp', 'fs.protected_regular', '2')]
      l += [SysctlCheck('harden_userspace', 'kspp', 'fs.suid_dumpable', '0')]
      l += [SysctlCheck('harden_userspace', 'kspp', 'kernel.randomize_va_space', '2')]
+    l += [SysctlCheck('harden_userspace', 'kspp', 'kernel.yama.ptrace_scope', '3')]
author	Alexander Popov <alex.popov@linux.com>
	Wed, 18 Oct 2023 07:30:36 +0000 (10:30 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Wed, 18 Oct 2023 07:30:36 +0000 (10:30 +0300)