UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The SUSE operating system must restrict access to the kernel message buffer.


Overview

Finding ID Version Rule ID IA Controls Severity
V-255921 SLES-15-010375 SV-255921r880964_rule Low
Description
Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a nonprivileged user.
STIG Date
SUSE Linux Enterprise Server 15 Security Technical Implementation Guide 2024-02-16

Details

Check Text ( C-59598r880962_chk )
Verify the operating system is configured to restrict access to the kernel message buffer with the following commands:

$ sudo sysctl kernel.dmesg_restrict
kernel.dmesg_restrict = 1

If "kernel.dmesg_restrict" is not set to "1" or is missing, this is a finding.

Check that the configuration files are present to enable this kernel parameter:

$ sudo grep -r kernel.dmesg_restrict /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2> /dev/null
/etc/sysctl.conf:kernel.dmesg_restrict = 1
/etc/sysctl.d/99-sysctl.conf:kernel.dmesg_restrict = 1

If "kernel.dmesg_restrict" is not set to "1", is missing or commented out, this is a finding.

If conflicting results are returned, this is a finding.
Fix Text (F-59541r880963_fix)
Configure the operating system to restrict access to the kernel message buffer.

Set the system to the required kernel parameter by adding or modifying the following line in /etc/sysctl.conf or a config file in the /etc/sysctl.d/ directory:

kernel.dmesg_restrict = 1

Remove any configurations that conflict with the above from the following locations:
/run/sysctl.d/
/etc/sysctl.d/
/usr/local/lib/sysctl.d/
/usr/lib/sysctl.d/
/lib/sysctl.d/
/etc/sysctl.conf

Reload settings from all system configuration files with the following command:

$ sudo sysctl --system