TOSS 5 must disable access to network bpf system call from nonprivileged processes.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-282508 | SRG-OS-000132-GPOS-00067 | TOSS-05-000109 | SV-282508r1200504_rule | 2026-04-01 | 1 |
Description
Loading and accessing the packet filters programs and maps using the "bpf()" system call has the potential of revealing sensitive information about the kernel state.
ℹ️ Check
Verify TOSS 5 prevents privilege escalation through the kernel by disabling access to the bpf system call using the following command:
$ sudo sysctl kernel.unprivileged_bpf_disabled
kernel.unprivileged_bpf_disabled = 1
If the returned line does not have a value of "1", or a line is not returned, this is a finding.
✔️ Fix
Configure TOSS 5 to prevent privilege escalation through the kernel by disabling access to the bpf syscall by adding the following line to a file, in the "/etc/sysctl.d" directory:
kernel.unprivileged_bpf_disabled = 1
The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
$ sudo sysctl --system