
kernel.perf_event_paranoid should pass for values >= 3

Open micchickenburger opened this issue 1 year ago • 2 comments

Describe the bug

kernel.perf_event_paranoid in the Kernel hardening "Comparing sysctl key pairs with scan profiles" stage expects a value of 3 in a default configuration. It seems that it should instead expect a value >= 3, since Ubuntu Jammy defaults to 4.

See here for more information: https://askubuntu.com/questions/1400874/what-does-perf-paranoia-level-four-do

Version

  • Distribution: Ubuntu Server 22.04 arm64
  • Lynis 3.0.8-100

Expected behavior

I expect a value greater than or equal to 3 to pass.

Output

$ sudo lynis audit system
# ...
[+] Kernel Hardening
------------------------------------
  - Comparing sysctl key pairs with scan profile
    - kernel.perf_event_paranoid (exp: 3)                     [ DIFFERENT ]
# ...

$ sudo sysctl kernel.perf_event_paranoid
kernel.perf_event_paranoid = 4

$ uname -a
Linux ip-172-31-18-30 5.15.0-1028-aws #32-Ubuntu SMP Mon Jan 9 12:29:05 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux

micchickenburger, Mar 09 '23 19:03

Hi @micchickenburger, can you try #1377

konstruktoid, Mar 10 '23 09:03

Yes, this works great. Thanks!

micchickenburger, Mar 10 '23 23:03

Related PR was merged, so should be resolved now (in next release).

mboelen, May 14 '24 09:05
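
The comparison this issue asks for, as an added example that is not Lynis code and not the change from #1377: each sysctl key in a profile is marked either exact-match or minimum, so a value of 4 passes a check that expects at least 3. The `key;expected;mode` profile format, the function names and the sample values are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not Lynis code. Profile format "key;expected;mode" is hypothetical:
# mode "eq" needs an exact match, mode "min" passes any integer >= expected.

# is_int VALUE: succeed only for an optionally negative decimal integer.
is_int() {
    case ${1#-} in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_value ACTUAL EXPECTED MODE: print OK, DIFFERENT or MISSING.
check_value() {
    if [ -z "$1" ]; then echo MISSING; return 0; fi
    if [ "$3" = min ]; then
        # Ordering is only defined for integers; multi-field or textual
        # values cannot satisfy a minimum and are reported as DIFFERENT.
        if is_int "$1" && is_int "$2" && [ "$1" -ge "$2" ]; then
            echo OK
        else
            echo DIFFERENT
        fi
    elif [ "$1" = "$2" ]; then
        echo OK
    else
        echo DIFFERENT
    fi
}

# audit PROFILE SNAPSHOT: one "key result" line per profile entry.
# SNAPSHOT is text in `sysctl -a` form ("key = value").
audit() {
    printf '%s\n' "$1" | while IFS=';' read -r key expected mode; do
        [ -n "$key" ] || continue
        actual=$(printf '%s\n' "$2" | awk -F' = ' -v k="$key" '$1 == k { print $2 }')
        printf '%s %s\n' "$key" "$(check_value "$actual" "$expected" "$mode")"
    done
}

# Constructed sample data: the value 4 is the one reported in the issue,
# the other keys and values are made up for the demonstration.
PROFILE='kernel.perf_event_paranoid;3;min
kernel.kptr_restrict;2;eq
kernel.unprivileged_bpf_disabled;1;min'
SNAPSHOT='kernel.kptr_restrict = 1
kernel.perf_event_paranoid = 4'

audit "$PROFILE" "$SNAPSHOT"
```

A key absent from the snapshot is reported as MISSING rather than DIFFERENT, so a sysctl the running kernel does not expose is not mistaken for a weak setting.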