STIGQter STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide Version: 1 Release: 20 Benchmark Date: 24 Jan 2020: Address Space Layout Randomization (ASLR) must be enabled.

DISA Rule

SV-60895r3_rule

Vulnerability Number

V-48023

Group Title

SRG-OS-999999

Rule Version

SOL-11.1-080030

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The root role is required.

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this action applies.

Enable address space layout randomization.

# sxadm delcust aslr

Enabling ASLR may affect the function or stability of some applications, including those that use Solaris Intimate Shared Memory features.

Check Contents

This check applies to the global zone only.

Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

Determine if address space layout randomization is enabled.

Determine the OS version you are currently securing:.
# uname –v

For Solaris 11, 11.1, 11.2, and 11.3:
# sxadm info -p | grep aslr | grep enabled

For Solaris 11.4 or newer:
# sxadm status -p -o status aslr | grep enabled

If no output is produced, this is a finding.

Vulnerability Number

V-48023

Documentable

False

Rule Version

SOL-11.1-080030

Severity Override Guidance

This check applies to the global zone only.

Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

Determine if address space layout randomization is enabled.

Determine the OS version you are currently securing:.
# uname –v

For Solaris 11, 11.1, 11.2, and 11.3:
# sxadm info -p | grep aslr | grep enabled

For Solaris 11.4 or newer:
# sxadm status -p -o status aslr | grep enabled

If no output is produced, this is a finding.

Check Content Reference

M

Target Key

2108

Comments