1.6.4 Enable XD/NX Support on 32-bit x86 Systems - kernel-PAE

Information

Modern 32-bit processors in the x86 family support a feature that prevents code execution on a per-memory-page basis. On AMD processors, this feature is called No Execute (NX), and on Intel processors it is called Execute Disable (XD).

Rationale:

This feature can help prevent buffer overflow exploits from running on the system. Where possible, this extra protection should be installed. Prior to running the remediation, dump out the cpuinfo by typing cat /proc/cpuinfo. In the flags field, verify that the flags pae and nx exist. If they do, proceed to the remediation section. If they do not, consult the processor guide for the processor you are running to determine if this feature exists and how to turn it on in the BIOS.

Solution

Run the following command to install kernel-PAE:

# yum install kernel-PAE
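The pre-remediation check from the rationale, written as a script (an added example, not part of the benchmark text). It requires the pae and nx flags on every processor entry and compares whole flag names; the function names and the sample cpuinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-check for the kernel-PAE remediation.
# Reads cpuinfo text on stdin. Exit status:
#   0 = every "flags" line lists both pae and nx
#   1 = at least one processor is missing pae or nx
#   2 = no "flags" line found (not x86 cpuinfo, or empty input)
check_cpu_flags() {
    awk -F: '
        $1 ~ /^flags[ \t]*$/ {
            seen++
            pae = 0; nx = 0
            n = split($2, f, /[ \t]+/)
            # Compare whole tokens so a longer flag name cannot match by substring.
            for (i = 1; i <= n; i++) {
                if (f[i] == "pae") pae = 1
                if (f[i] == "nx")  nx = 1
            }
            if (!(pae && nx)) bad++
        }
        END {
            if (seen == 0) exit 2
            if (bad > 0)   exit 1
            exit 0
        }'
}

# Constructed sample input (shortened flag lists, two logical processors).
sample_ok() {
    printf 'processor\t: 0\nflags\t\t: fpu vme pse tsc msr pae mce cx8 nx lm\n'
    printf 'processor\t: 1\nflags\t\t: fpu vme pse tsc msr pae mce cx8 nx lm\n'
}
# Constructed: pae present, nx absent; "pse36" and "nxfake" must not count.
sample_no_nx() {
    printf 'processor\t: 0\nflags\t\t: fpu vme pse36 tsc msr pae mce cx8 nxfake\n'
}

# Demo on the samples; on a real host use: check_cpu_flags < /proc/cpuinfo
for s in sample_ok sample_no_nx; do
    if "$s" | check_cpu_flags; then
        echo "$s: pae and nx present, proceed to remediation"
    else
        echo "$s: pae or nx missing, consult the processor guide / BIOS settings"
    fi
done
```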

Default Value:

OS Default: N/A

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SC-39, 800-53|SI-16, CSCv6|2.2, CSCv7|8.3

Plugin: Unix

Control ID: 40d35b9cb65dd5499e695ba4f93bee26e2ec5da3317cc520e187d67ac80631b2