Active rule currently published.
Grsecurity has detected a process was attached to via ptrace.
This rule when a process is attached to via ptrace. ptrace is a debugging tool. This rule does not block or prevent any activity.
ptrace is sometimes used by attackers to gain access to memory on the system to attempt to carry out attacks, or steal critical information.
Plesk is known to attach ptrace to its processes to prevent reverse engineering. Here are some log examples:
Mar 23 13:47:04 ns2 kernel: grsec: process /usr/sbin/sw-engine-fpm(sw-engine-fpm:1690) attached to via ptrace by /usr/sbin/sw-engine-fpm[sw-engine-fpm:1692] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:1690] uid/euid:0/0 gid/egid:0/0
Mar 23 14:07:15 ns2 kernel: grsec: process /usr/bin/sw-engine(sw-engine:5476) attached to via ptrace by /usr/bin/sw-engine[sw-engine:5477] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sw-engine[sw-engine:5476] uid/euid:0/0 gid/egid:0/0