Details
Modern versions of 32bit processors of the x86 family support a feature that prevents code execution on a per memory page basis. On AMD processors, this feature is called No Execute (NX) and on Intel processors, it is called Execute Disable (XD).
Rationale:
This feature can help prevent buffer overflow exploits from running on the system. Where possible, this extra protection should be installed. Prior to running the remediation, dump out the cpuinfo by typing cat /proc/cpuinfo. In the flags field, verify that the flags pae and nx exist. If they do, proceed to the remediation section. If they do not, consult the processor guide for the processor you are running to determine if this feature exists and how to turn it on in the BIOS.
Solution
Run the following to install kernel-PAE
# yum install kernel-PAE
Default Value:
OS Default: N/A
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection, System and Information Integrity.This control applies to the following type of system Unix.