Enable Randomized Virtual Memory Region Placement – kernel.randomize_va_space = 2

Details

Set the system flag to force randomized virtual memory region placement.

Rationale:

Randomly placing virtual memory regions will make it difficult for to write memory page exploits as the memory placement will be consistently shifting.

Solution

Add the following line to the /etc/sysctl.conf file.

kernel.randomize_va_space = 2

Default Value:

OS Default: Yes

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/3096

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection, System and Information Integrity.This control applies to the following type of system Unix.

References

800-53|SC-39
800-53|SI-16
CSCv7|8.3

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles