STIGQter STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 1 Release: 17 Benchmark Date: 25 Oct 2019: The system must implement virtual address space randomization.

DISA Rule

SV-65163r2_rule

Vulnerability Number

V-50957

Group Title

SRG-OS-999999

Rule Version

OL6-00-000078

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To set the runtime status of the "kernel.randomize_va_space" kernel parameter, run the following command:

# sysctl -w kernel.randomize_va_space=2

If this is not the system's default value, add the following line to "/etc/sysctl.conf":

kernel.randomize_va_space = 2

Check Contents

The status of the "kernel.randomize_va_space" kernel parameter can be queried by running the following commands:

$ sysctl kernel.randomize_va_space
$ grep kernel.randomize_va_space /etc/sysctl.conf

The output of the command should indicate a value of at least "1" (preferably "2"). If this value is not the default value, investigate how it could have been adjusted at runtime, and verify it is not set improperly in "/etc/sysctl.conf".
If the correct value is not returned, this is a finding.

Vulnerability Number

V-50957

Documentable

False

Rule Version

OL6-00-000078

Severity Override Guidance

The status of the "kernel.randomize_va_space" kernel parameter can be queried by running the following commands:

$ sysctl kernel.randomize_va_space
$ grep kernel.randomize_va_space /etc/sysctl.conf

The output of the command should indicate a value of at least "1" (preferably "2"). If this value is not the default value, investigate how it could have been adjusted at runtime, and verify it is not set improperly in "/etc/sysctl.conf".
If the correct value is not returned, this is a finding.

Check Content Reference

M

Target Key

2208

Comments