STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

RHEL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.

DISA Rule

SV-230280r627750_rule

Vulnerability Number

V-230280

Group Title

SRG-OS-000433-GPOS-00193

Rule Version

RHEL-08-010430

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to implement virtual address space randomization.

Set the system to the required kernel parameter by adding the following line to "/etc/sysctl.d/*.conf"(or modify the line to have the required value):

kernel.randomize_va_space=2

Issue the following command to make the changes take effect:

$ sudo sysctl --system

Check Contents

Verify RHEL 8 implements ASLR with the following command:

$ sudo sysctl kernel.randomize_va_space

kernel.randomize_va_space = 2

If nothing is returned, verify the kernel parameter "randomize_va_space" is set to "2" with the following command:

$ sudo cat /proc/sys/kernel/randomize_va_space

2

If "kernel.randomize_va_space" is not set to "2", this is a finding.

Vulnerability Number

V-230280

Documentable

False

Rule Version

RHEL-08-010430

Severity Override Guidance

Verify RHEL 8 implements ASLR with the following command:

$ sudo sysctl kernel.randomize_va_space

kernel.randomize_va_space = 2

If nothing is returned, verify the kernel parameter "randomize_va_space" is set to "2" with the following command:

$ sudo cat /proc/sys/kernel/randomize_va_space

2

If "kernel.randomize_va_space" is not set to "2", this is a finding.

Check Content Reference

M

Target Key

2921

Comments