Description: The ptrace() system call provides a means by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers. Rationale: If one application is compromised, it would be possible for an attacker to attach to other running processes (e.g. Bash, Firefox, SSH sessions, GPG agent, etc) to extract additional credentials and continue to expand the scope of their attack. Enabling restricted mode will limit the ability of a compromised process to PTRACE_ATTACH on other processes running under the same user. With restricted mode, ptrace will continue to work with root user. Remediation: Set the following parameter in /etc/sysctl.conf or a file in /etc/sysctl.d/ ending in .conf: kernel.yama.ptrace_scope = 1

[Yes/No]

Set the following parameter in /etc/sysctl.conf or a file in /etc/sysctl.d/ ending in .conf: kernel.yama.ptrace_scope = 1