1.6.3 Enable Randomized Virtual Memory Region Placement - kernel.randomize_va_space = 2

Information

Set the system flag to force randomized virtual memory region placement.

Rationale:

Randomly placing virtual memory regions will make it difficult to write memory page exploits as the memory placement will be consistently shifting.

Solution

Add the following line to the /etc/sysctl.conf file.

kernel.randomize_va_space = 2
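
To verify the setting, the following added example (not part of the benchmark or the audit plugin) checks both the persistent line in /etc/sysctl.conf and the value the running kernel reports in /proc/sys/kernel/randomize_va_space. The function names `aslr_conf_value` and `audit_aslr` are hypothetical, and both paths are parameters so the check can also be run against copies of the files.

```shell
#!/bin/sh
# Added example: audit kernel.randomize_va_space = 2 (not the benchmark's own script).
# Usage: audit_aslr [conf_file] [runtime_file]
#   defaults: /etc/sysctl.conf and /proc/sys/kernel/randomize_va_space

# Print the effective value of kernel.randomize_va_space in file $1.
# Comment lines (# or ;) are skipped and the last assignment wins.
# Prints nothing when the key is not set or the file is unreadable.
aslr_conf_value() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*[#;]/ { next }
        {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1)
            val = substr($0, n + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "kernel.randomize_va_space") found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Check both the persistent setting and the running kernel value.
# Returns 0 only when both equal 2.
audit_aslr() {
    conf=${1:-/etc/sysctl.conf}
    runtime=${2:-/proc/sys/kernel/randomize_va_space}
    rc=0
    cval=$(aslr_conf_value "$conf")
    rval=$(cat "$runtime" 2>/dev/null || true)
    if [ "$cval" = "2" ]; then
        echo "PASS persistent: $conf sets kernel.randomize_va_space = 2"
    else
        echo "FAIL persistent: $conf has '${cval:-unset}', expected 2"
        rc=1
    fi
    if [ "$rval" = "2" ]; then
        echo "PASS runtime: $runtime is 2"
    else
        echo "FAIL runtime: $runtime is '${rval:-unreadable}', expected 2"
        rc=1
    fi
    return $rc
}
```

A persistent PASS with a runtime FAIL means the file was edited but not yet loaded; `sysctl -p` or a reboot applies it. Files under /etc/sysctl.d are not inspected here, since this item names only /etc/sysctl.conf.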

Default Value:

OS Default: Yes

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SC-39, 800-53|SI-16, CSCv7|8.3

Plugin: Unix

Control ID: d9463d4af9c0718ecc02d94a31a921b952c932c9eb245dd0bc649a30e9c9913d