Detections
Analytics
RHEL-06-000079 - The system must limit the ability of processes to have simultaneous write and execute access to memory - sysctl
Information
ExecShield uses the segmentation feature on all x86 systems to prevent execution in memory higher than a certain address. It writes an address as a limit in the code segment descriptor, to control where code can be executed, on a per-process basis. When the kernel places a process's memory regions such as the stack and heap higher than this address, the hardware prevents execution in that address range.Solution
To set the runtime status of the 'kernel.exec-shield' kernel parameter, run the following command:# sysctl -w kernel.exec-shield=1
Set the system to the required kernel parameter by adding the following line to '/etc/sysctl.conf' or a config file in the /etc/sysctl.d/ directory (or modify the line to have the required value):
kernel.exec-shield = 1
Issue the following command to make the changes take effect:
# sysctl --system
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_6_V2R2_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 6 STIG v2r2
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-217910r603264_rule, STIG-ID|RHEL-06-000079, STIG-Legacy|SV-50398, STIG-Legacy|V-38597, Vuln-ID|V-217910
Plugin: Unix
Control ID: 51f349471a571c9f83bac46384a143a39b250a0e9e8936c91d72df2840091766