2.7.3 Temporarily Disabling and Re-Enabling Tripwires

For troubleshooting purposes, you can disable or re-enable a specific tripwire manually.

To disable a specific tripwire until the next reboot, remove the CVE reference from the /proc/sys/kernel/known_exploit_detection_tripwires file as follows:

# echo -n '-CVE-2019-12345' > /proc/sys/kernel/known_exploit_detection_tripwires

To re-enable a specific tripwire, re-append the CVE reference to the same configuration file:

# echo -n '+CVE-2019-12345' > /proc/sys/kernel/known_exploit_detection_tripwires