Detections
Analytics
RHEL-10-701130 - RHEL 10 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.
Information
ASLR makes it more difficult for an attacker to predict the location of attack code they have introduced into a process's address space during an attempt at exploitation. Additionally, ASLR makes it more difficult for an attacker to know the location of existing code to repurpose it using return-oriented programming techniques.Solution
Configure RHEL 10 to implement ASLR.Create the drop-in if it does not already exist:
$ sudo vi /etc/sysctl.d/99-kernel_randomize_va_space.conf
Add the following line to the file:
kernel.randomize_va_space = 2
Reload settings from all system configuration files with the following command:
$ sudo sysctl --system
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: SYSTEM AND INFORMATION INTEGRITY
References: 800-53|SI-16, CAT|II, CCI|CCI-002824, Rule-ID|SV-281315r1167095_rule, STIG-ID|RHEL-10-701130, Vuln-ID|V-281315
Plugin: Unix
Control ID: 468d4e9db1175e163835162c7583ebe45c2a1d7a91b670e3d0af01fc2ede359c