{"description": "The recommendations in this section are designed to\nensure that the system's features to protect against potentially\ndangerous program execution are activated.\nThese protections are applied at the system initialization or\nkernel level, and defend against certain types of badly-configured\nor compromised programs.", "warnings": [], "requires": [], "conflicts": [], "values": ["sysctl_kernel_unprivileged_bpf_disabled_value", "sysctl_kernel_yama_ptrace_scope_value"], "groups": ["coredumps", "daemon_umask", "enable_execshield_settings", "enable_nx", "poisoning"], "rules": ["kernel_module_uvcvideo_disabled", "sysctl_kernel_core_pattern", "sysctl_kernel_core_pattern_empty_string", "sysctl_kernel_core_uses_pid", "sysctl_kernel_dmesg_restrict", "sysctl_kernel_kexec_load_disabled", "sysctl_kernel_modules_disabled", "sysctl_kernel_panic_on_oops", "sysctl_kernel_perf_cpu_time_max_percent", "sysctl_kernel_perf_event_max_sample_rate", "sysctl_kernel_perf_event_paranoid", "sysctl_kernel_pid_max", "sysctl_kernel_sysrq", "sysctl_kernel_unprivileged_bpf_disabled", "sysctl_kernel_unprivileged_bpf_disabled_accept_default", "sysctl_kernel_yama_ptrace_scope", "sysctl_net_core_bpf_jit_harden", "sysctl_user_max_user_namespaces", "sysctl_user_max_user_namespaces_no_remediation", "sysctl_vm_mmap_min_addr"], "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Restrict Programs from Dangerous Execution Patterns", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/restrictions/group.yml"}