diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 4d4f765ea..31a220e38 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -109,5 +109,5 @@ kernel.core_uses_pid = 1
 # Block non-uid-0 profiling
 kernel.perf_event_paranoid = 3
 
-# Deny any ptrace use as there is no legitimate use-case for it on IPFire
-kernel.yama.ptrace_scope = 3
+# Only processes with CAP_SYS_PTRACE may use ptrace
+kernel.yama.ptrace_scope = 2