Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-239140 | PHTN-67-000069 | SV-239140r675228_rule | Medium |
Description |
---|
ASLR makes it more difficult for an attacker to predict the location of attack code he or she has introduced into a process's address space during an attempt at exploitation. Additionally, ASLR also makes it more difficult for an attacker to know the location of existing code to repurpose it using return-oriented programming techniques. |
STIG | Date |
---|---|
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide | 2021-04-15 |
Check Text ( C-42351r675226_chk ) |
---|
At the command line, execute the following command: # cat /proc/sys/kernel/randomize_va_space If the value of "randomize_va_space" is not "2", this is a finding. |
Fix Text (F-42310r675227_fix) |
---|
Open /etc/sysctl.d/50-security-hardening.conf with a text editor. Ensure that the "randomize_va_space" is uncommented and set to the following: kernel.randomize_va_space=2 At the command line, execute the following command: # sysctl --system |