RHEL-09-213075 - RHEL 9 must disable access to network bpf system call from nonprivileged processes.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Loading and accessing the packet filters programs and maps using the bpf() system call has the potential of revealing sensitive information about the kernel state.

Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227


Configure RHEL 9 to prevent privilege escalation thru the kernel by disabling access to the bpf syscall by adding the following line to a file, in the '/etc/sysctl.d' directory:

kernel.unprivileged_bpf_disabled = 1

The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:

$ sudo sysctl --system

See Also


Item Details

References: CAT|II, CCI|CCI-000366, CCI|CCI-001082, Rule-ID|SV-257810r925417_rule, STIG-ID|RHEL-09-213075, Vuln-ID|V-257810

Plugin: Unix

Control ID: 17c457977e5194a62a7e025d01a2d3a973d233d751639c3a400fa141fe925f23