grep -i pss /proc/*/smaps
Permission denied for most /proc/<pid>/smaps files. Each failure is logged by auditd, creating thousands of audit records and rapidly filling /var/log/audit. This triggers incident tickets and potential system impact.
/proc/<pid>/smaps is part of the Linux virtual filesystem. While ls -l shows -r--r--r--, access is controlled by kernel security settings, not just file mode.
Hardened environments often enforce:
kernel.yama.ptrace_scope=1 or 2 (restricts reading other processes’ memory maps).
/proc mounted with hidepid=1 or 2 (hides process details from non-root users).
cat /proc/mounts | grep /proc
cat /proc/sys/kernel/yama/ptrace_scope
cat /proc/sys/kernel/hidepid
If hidepid > 0 or ptrace_scope > 0 then a hardened environment is confirmed.
Several resolutions are available for this issue.
Disable the "OS And Instance Statistics" collection for the Oracle database agent.
Refer to Knowledgebase article 4309218 for details on how to disable a specific database agent collection.
Note: The “OS and Instance Statistics” collection in the Oracle agent is responsible for gathering vital operating system-level and database instance resource metrics: CPU, memory, I/O, load, and internal Oracle wait stats. Turning off this collection will prevent the agent from having visibility into Oracle server CPU, memory, swap, disk, network, or server-level resource bottlenecks for performance baselining and post-incident forensics.
Impacted areas:
Suppress the audit noise (requires security approval):
auditctl -a never,exit -F exe=/usr/bin/grep -F auid=<foglight_uid>
Run the OS user as sudo.
Note: This may still generate a lot of I/O and potentially audit “success” records depending on audit rules.
For Oracle cartridges at 7.3.1.10 or higher, turn off the Oracle memory monitoring as described in Knowledgebase article 4378626.
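The hardened-environment check described above (hidepid > 0 or ptrace_scope > 0) can be scripted as follows. This is an added example, not part of the original article or the product; the function names proc_hidepid and is_hardened and the sample files are assumptions made for illustration, and the script also accepts the named hidepid values that newer kernels report in /proc/mounts.

```shell
#!/bin/sh
# Added example: evaluates the page's "hidepid > 0 or ptrace_scope > 0" test.
# File paths are arguments so the logic can run on constructed input.

# Print the hidepid option of the proc mount on /proc ("0" when not set).
# Kernels 5.8+ may report names (noaccess, invisible, ptraceable), not digits.
proc_hidepid() {
    awk '$2 == "/proc" && $3 == "proc" {
             v = "0"
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++)
                 if (opt[i] ~ /^hidepid=/) v = substr(opt[i], 9)
         }
         END { print (v == "" ? "0" : v) }' "${1:-/proc/mounts}"
}

# Return 0 (true) when either setting indicates a hardened environment.
is_hardened() {
    hp=$(proc_hidepid "${1:-/proc/mounts}")
    # A missing Yama file is treated as ptrace_scope 0.
    scope=$(cat "${2:-/proc/sys/kernel/yama/ptrace_scope}" 2>/dev/null || echo 0)
    echo "hidepid=$hp ptrace_scope=$scope"
    case $hp in
        0|off) [ "$scope" -gt 0 ] ;;
        *)     return 0 ;;
    esac
}

# Constructed sample input (not taken from a real host).
sample_dir=$(mktemp -d)
echo 'proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0' > "$sample_dir/mounts"
echo 1 > "$sample_dir/ptrace_scope"
if is_hardened "$sample_dir/mounts" "$sample_dir/ptrace_scope"; then
    echo "hardened environment confirmed"
else
    echo "no hardening detected"
fi
rm -rf "$sample_dir"
```

Calling is_hardened with no arguments evaluates the live /proc/mounts and /proc/sys/kernel/yama/ptrace_scope on the monitored host.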