
The Photon operating system must restrict access to the kernel message buffer.


Overview

Finding ID: V-258828
Version: PHTN-40-000067
Rule ID: SV-258828r933545_rule
IA Controls: (none listed)
Severity: Medium
Description
Restricting access to the kernel message buffer limits access to root only. This prevents an attacker operating as a nonprivileged user from gaining additional system information.

STIG: VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
Date: 2023-10-29

Details

Check Text (C-62568r933543_chk)
At the command line, run the following command to verify kernel message buffer restrictions are enabled:

# /sbin/sysctl kernel.dmesg_restrict

Example result:

kernel.dmesg_restrict = 1

If the "kernel.dmesg_restrict" kernel parameter is not set to "1", this is a finding.
Fix Text (F-62477r933544_fix)
Navigate to and open:

/etc/sysctl.d/zz-stig-hardening.conf

Add or update the following line:

kernel.dmesg_restrict = 1

At the command line, run the following command to load the new configuration:

# /sbin/sysctl --load /etc/sysctl.d/zz-stig-hardening.conf

Note: If the file zz-stig-hardening.conf does not exist, it must be created.
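
Added example (not part of the STIG text): the check above reads only the running value, while the fix edits a file, so this script audits both. The function names, the return codes and the use of /proc/sys/kernel/dmesg_restrict to read the running value are choices made for this example; the persisted-value check goes beyond the STIG's finding criterion.

```sh
#!/bin/sh
# Added example (not STIG text). File paths are parameters so the functions
# can be run against constructed files as well as the real system.

# Print the last value assigned to kernel.dmesg_restrict in a sysctl.d-style
# file; print nothing if the file is unreadable or the key is not set.
conf_value() {
    [ -r "$1" ] || return 0
    awk -F= '
        /^[ \t]*[#;]/ { next }           # comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            sub(/^-/, "", key)           # leading "-" = ignore errors on set
            gsub(/\//, ".", key)         # kernel/dmesg_restrict is also valid
            if (key == "kernel.dmesg_restrict") last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# Returns 0 = compliant and persisted, 1 = finding (runtime value is not 1),
# 2 = runtime value is 1 but the hardening file does not set it to 1.
audit_dmesg_restrict() {
    conf=${1:-/etc/sysctl.d/zz-stig-hardening.conf}
    proc=${2:-/proc/sys/kernel/dmesg_restrict}
    runtime=$(cat "$proc" 2>/dev/null) || runtime="unreadable"
    persisted=$(conf_value "$conf")
    if [ "$runtime" != "1" ]; then
        echo "FINDING: runtime kernel.dmesg_restrict is '$runtime'"
        return 1
    fi
    if [ "$persisted" != "1" ]; then
        echo "WARNING: runtime is 1 but $conf sets '${persisted:-nothing}'"
        return 2
    fi
    echo "OK: kernel.dmesg_restrict = 1 at runtime and in $conf"
}
```

Source the file and call audit_dmesg_restrict with no arguments to audit the live system; return code 2 means the running value would not be restored from zz-stig-hardening.conf.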