STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system must implement virtual address space randomization.

DISA Rule

SV-208848r603263_rule

Vulnerability Number

V-208848

Group Title

SRG-OS-000480

Rule Version

OL6-00-000078

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

To set the runtime status of the "kernel.randomize_va_space" kernel parameter, run the following command:

# sysctl -w kernel.randomize_va_space=2

If this is not the system's default value, add the following line to "/etc/sysctl.conf":

kernel.randomize_va_space = 2

Check Contents

The status of the "kernel.randomize_va_space" kernel parameter can be queried by running the following commands:

$ sysctl kernel.randomize_va_space
$ grep kernel.randomize_va_space /etc/sysctl.conf

The output of the command should indicate a value of at least "1" (preferably "2"). If this value is not the default value, investigate how it could have been adjusted at runtime, and verify it is not set improperly in "/etc/sysctl.conf".
If the correct value is not returned, this is a finding.

Vulnerability Number

V-208848

Documentable

False

Rule Version

OL6-00-000078

Severity Override Guidance

The status of the "kernel.randomize_va_space" kernel parameter can be queried by running the following commands:

$ sysctl kernel.randomize_va_space
$ grep kernel.randomize_va_space /etc/sysctl.conf

The output of the command should indicate a value of at least "1" (preferably "2"). If this value is not the default value, investigate how it could have been adjusted at runtime, and verify it is not set improperly in "/etc/sysctl.conf".
If the correct value is not returned, this is a finding.

Check Content Reference

M

Target Key

2928

Comments