STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 23 Apr 2021

RHEL 8 must implement non-executable data to protect its memory from unauthorized code execution.

DISA Rule

SV-230276r627750_rule

Vulnerability Number

V-230276

Group Title

SRG-OS-000433-GPOS-00192

Rule Version

RHEL-08-010420

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The NX bit execute protection must be enabled in the system BIOS.

Check Contents

Verify the NX (no-execution) bit flag is set on the system.

Check that the no-execution bit flag is set with the following commands:

$ sudo dmesg | grep NX

[ 0.000000] NX (Execute Disable) protection: active

If "dmesg" does not show "NX (Execute Disable) protection" active, check the cpuinfo settings with the following command:

$ sudo less /proc/cpuinfo | grep -i flags
flags : fpu vme de pse tsc ms nx rdtscp lm constant_tsc

If "flags" does not contain the "nx" flag, this is a finding.
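
The two-step check above, written as an added shell function (an illustration, not part of the STIG text or of STIGQter). The function name, the sample inputs and the rule that every "flags" line must list "nx" are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not STIG text. Returns 0 (not a finding) or 1 (finding).
# Usage on a live host: nx_check "$(sudo dmesg)" "$(cat /proc/cpuinfo)"
nx_check() {
    dmesg_text=$1
    cpuinfo_text=$2

    # Step 1: require the "active" state itself; a bare "grep NX" also
    # prints NX lines that report some other state.
    if printf '%s\n' "$dmesg_text" |
        grep -q 'NX (Execute Disable) protection: active'; then
        echo "pass (dmesg)"
        return 0
    fi

    # Step 2: the boot line may be absent (for example, rotated out of the
    # ring buffer), so fall back to the CPU flags. The pattern is anchored so
    # that only lines starting with "flags" are read.
    flag_lines=$(printf '%s\n' "$cpuinfo_text" |
        grep -E '^flags[[:space:]]*:' || true)
    if [ -z "$flag_lines" ]; then
        echo "finding (no flags line)"
        return 1
    fi
    # Assumption: every logical CPU must list "nx" as a whole word (-w).
    if printf '%s\n' "$flag_lines" | grep -vqw 'nx'; then
        echo "finding (nx flag missing)"
        return 1
    fi
    echo "pass (cpuinfo)"
    return 0
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_DMESG_ACTIVE='[    0.000000] NX (Execute Disable) protection: active'
SAMPLE_DMESG_OTHER='[    0.000000] NX (Execute Disable) protection: constructed-other-state'
SAMPLE_CPUINFO_NX='processor : 0
flags : fpu vme de pse tsc ms nx rdtscp lm constant_tsc
processor : 1
flags : fpu vme de pse tsc ms nx rdtscp lm constant_tsc'
SAMPLE_CPUINFO_MIXED='processor : 0
flags : fpu vme de pse tsc ms nx rdtscp lm constant_tsc
processor : 1
flags : fpu vme de pse tsc ms rdtscp lm constant_tsc'
```
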

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2921

Comments