AlmaLinux OS 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.

An XCCDF Rule

Details
Profiles

Description

ASLR makes it more difficult for an attacker to predict the location of attack code they have introduced into a process' address space during an attempt at exploitation. Additionally, ASLR makes it more difficult for an attacker to know the location of existing code to repurpose it using return oriented programming (ROP) techniques.

ID: SV-269452r1050335_rule
Version: ALMA-09-044900
Severity: Medium
References: CCI-002824
Updated: about 2 months ago

Remediation Templates

Configure the system to enable ASLR with the following command:

$ echo 'kernel.randomize_va_space = 2' > /etc/sysctl.d/60-aslr.conf

Reload settings from all system configuration files with the following command:

$ sysctl --system

AlmaLinux OS 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.

Description

Remediation Templates

A Manual Procedure