Disable IA32 emulation

An XCCDF Rule

Details
Profiles
Prose

Description

Disables support for legacy 32-bit programs under a 64-bit kernel. The configuration that was used to build kernel is available at /boot/config-*. To check the configuration value for CONFIG_IA32_EMULATION, run the following command: grep CONFIG_IA32_EMULATION /boot/config-* Configs with value 'n' are not explicitly set in the file, so either commented lines or no lines should be returned.

warning alert: Warning

Only disable support for 32-bit programs if you are sure you don't need any 32-bit program.

warning alert: Warning

There is no remediation for this besides re-compiling the kernel with the appropriate value for the config.

Rationale

Disabling 32-bit backwards compatibility helps reduce the attack surface.

ID: xccdf_org.ssgproject.content_rule_kernel_config_ia32_emulation
Severity: Medium
References: BP28(R25)
Updated: about 1 year ago