Merge pull request #193 from dev-sec/yama_ptrace

Restrict ptrace attach to privileged users

Author: schurzi

controls/sysctl_spec.rb

@@ -432,3 +432,14 @@
     its(:value) { should eq 1 }
   end
 end
+
+control 'sysctl-35' do
+  impact 1.0
+  title 'Restrict ptrace attach to privileged users'
+  desc 'Ensure kernel.yama.ptrace_scope is set to at least 2 so unprivileged users cannot attach ptrace to arbitrary processes.'
+  # exclude SuSE because it does not have this parameter
+  only_if { !(container_execution || os.suse?) }
+  describe kernel_parameter('kernel.yama.ptrace_scope') do
+    its(:value) { should >= 2 }
+  end
+end