Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== 1.5.3 Ensure address space layout randomization (ASLR) is enabled (Scored) ====== =====Profile Applicability===== <code> Level 1 - Server Level 1 - Workstation </code> =====Description===== Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data areas of a process. =====Rationale===== Randomly placing virtual memory regions will make it difficult to write memory page exploits as the memory placement will be consistently shifting. =====Audit===== Run the following command and verify output matches: <Code:bash> # sysctl kernel.randomize_va_space kernel.randomize_va_space = 2 </Code> =====Remediation===== Set the following parameter in the ''/etc/sysctl.conf'' file: <Code:bash> kernel.randomize_va_space = 2 </Code> Run the following command to set the active kernel parameter: <Code:bash> # sysctl -w kernel.randomize_va_space=2 </Code> ubuntu1604/1/5/3.txt Last modified: 2017/05/02 16:02by Piotr Kłoczewski