STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018: STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:SV-100467r1_rule
V-89817
SRG-OS-000433-GPOS-00192
VRAU-SL-001335
CAT II
10
Edit the /boot/grub/menu.lst file and add “noexec=on” to the end of each kernel line entry. A system restart is required to implement this change.
The stock kernel has support for non-executable program stacks compiled in by default. Verify that the option was specified when the kernel was built:
# grep -i "execute" /var/log/boot.msg
The message: "NX (Execute Disable) protection: active" will be written in the boot log when compiled in the kernel. This is the default for x86_64.
To activate this support, the “noexec=on” kernel parameter must be specified at boot time. Check for a message with the following command:
# grep –i "noexec" /var/log/boot.msg
The message: "Kernel command line: <boot parameters> noexec=on" will be written to the boot log when properly appended to the /boot/grub/menu.lst file.
If non-executable program stacks have not been configured, this is a finding.
V-89817
False
VRAU-SL-001335
The stock kernel has support for non-executable program stacks compiled in by default. Verify that the option was specified when the kernel was built:
# grep -i "execute" /var/log/boot.msg
The message: "NX (Execute Disable) protection: active" will be written in the boot log when compiled in the kernel. This is the default for x86_64.
To activate this support, the “noexec=on” kernel parameter must be specified at boot time. Check for a message with the following command:
# grep –i "noexec" /var/log/boot.msg
The message: "Kernel command line: <boot parameters> noexec=on" will be written to the boot log when properly appended to the /boot/grub/menu.lst file.
If non-executable program stacks have not been configured, this is a finding.
M
3459