The Photon operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.

An XCCDF Rule

Description

<VulnDiscussion>ASLR makes it more difficult for an attacker to predict the location of attack code they have introduced into a process's address space during an attempt at exploitation. ASLR also makes it more difficult for an attacker to know the location of existing code to repurpose it using return-oriented programming (ROP) techniques.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256535r887279_rule
Severity: Medium
References: CCI-002824
Updated: 8 months ago

Navigate to and open:

/etc/sysctl.d/50-security-hardening.conf

Ensure the "randomize_va_space" is uncommented and set to the following:
kernel.randomize_va_space=2

At the command line, run the following command:

# sysctl --system

The Photon operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.

Description

Remediation - Manual Procedure