Rule ID
SV-269452r1208318_rule
Version
V1R7
CCIs
ASLR makes it more difficult for an attacker to predict the location of attack code they have introduced into a process' address space during an attempt at exploitation. Additionally, ASLR makes it more difficult for an attacker to know the location of existing code to repurpose it using return oriented programming (ROP) techniques.
Verify AlmaLinux OS 9 is implementing ASLR with the following command: $ sysctl kernel.randomize_va_space kernel.randomize_va_space = 2 If "kernel.randomize_va_space" is not set to "2", this is a finding. Check that the configuration files are present to enable this kernel parameter: $ /usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F kernel.randomize_va_space | tail -1 kernel.randomize_va_space = 2 If "kernel.randomize_va_space" is not set to "2", or is missing, this is a finding.
Configure the system to enable ASLR with the following command: $ echo 'kernel.randomize_va_space = 2' | sudo tee /etc/sysctl.d/60-aslr.conf Reload settings from all system configuration files with the following command: $ sudo sysctl --system