Restricting Access to Kernel Ring Buffer Messages
The kernel uses a ring buffer to surface messages for troubleshooting purposes, and these
messages can be viewed by running the dmesg command.
Threat actors can use those messages to find exploits in the system, so it's considered
good security practice to ensure that only users with root permissions can run the
dmesg command.
To check whether access is restricted, run the following command:
sudo sysctl kernel.dmesg_restrict
If the value returned is 1, then access is already restricted.
If the value returned isn't 1, or the value is missing entirely, then
you can restrict access by setting the value in a configuration file that's stored in
the /etc/sysctl.d/ directory. Files in that directory are loaded at boot only if their
names end in .conf. For example, the following command
creates the /etc/sysctl.d/dmesg-restrict.conf configuration file:
echo kernel.dmesg_restrict = 1 | sudo tee /etc/sysctl.d/dmesg-restrict.conf
To apply the change without restarting the system, run the following command:
sudo sysctl -p /etc/sysctl.d/dmesg-restrict.conf
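
The check and the persistent setting described above can drift apart, so the following added example (not part of the original page) audits both: the value the running kernel reports and the value the configuration directory will apply at the next boot. The function names and result labels are hypothetical. It assumes a single configuration directory and reads only files ending in .conf, which is the suffix that sysctl --system and systemd-sysctl load.

```shell
#!/bin/sh
# Added example: audit kernel.dmesg_restrict at runtime and in persistent config.
# Both paths are parameters so the functions can be pointed at constructed data.

# Print the last value assigned to kernel.dmesg_restrict by the *.conf files in
# a sysctl.d-style directory. Files are read in lexical order; later ones win.
persisted_value() {
    dir=$1
    value=""
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Match "key = value" (dot or slash form, optional spaces); comment
        # lines starting with # or ; never match the anchored pattern.
        v=$(sed -n -E 's/^[[:space:]]*kernel[./]dmesg_restrict[[:space:]]*=[[:space:]]*([^[:space:]]+)[[:space:]]*$/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "$value"
}

# Compare the running value with the persisted one and print one label:
#   OK             restricted now and after reboot
#   NOT_PERSISTED  restricted now, but the setting is lost at the next boot
#   NOT_APPLIED    configured on disk, but the running kernel is unrestricted
#   UNRESTRICTED   neither applied nor configured
audit_dmesg_restrict() {
    proc_file=${1:-/proc/sys/kernel/dmesg_restrict}
    conf_dir=${2:-/etc/sysctl.d}
    runtime=$(cat "$proc_file" 2>/dev/null || true)
    persisted=$(persisted_value "$conf_dir")
    if [ "$runtime" = 1 ] && [ "$persisted" = 1 ]; then
        echo "OK"
    elif [ "$runtime" = 1 ]; then
        echo "NOT_PERSISTED"
    elif [ "$persisted" = 1 ]; then
        echo "NOT_APPLIED"
    else
        echo "UNRESTRICTED"
    fi
}

# Audit the local system using the default paths.
audit_dmesg_restrict
```

Any result other than OK means the restriction is missing now, will be missing after a reboot, or both.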