Profile Applicability:
• Level 1
Description:
ASLR is a security feature that randomizes the memory addresses used by system and application processes. This makes it harder for attackers to predict target addresses for exploits such as buffer overflows.
Rationale:
Enabling ASLR increases system resilience against memory corruption attacks by making exploit techniques unreliable and unpredictable.
Impact:
Pros:
Enhances protection against memory-based attacks.
Improves overall system security posture.
Cons:
Rare compatibility issues with legacy software may occur.
Default Value:
Most modern Linux distributions have ASLR enabled by default.
Pre-requisites:
Root or sudo privileges to verify and configure kernel parameters.
Remediation:
Test Plan:
Using Linux command line:
- Check the current ASLR status:
cat /proc/sys/kernel/randomize_va_space
Confirm the output is 2 (full randomization enabled).
Implementation Plan:
Using Linux command line:
1. Enable full ASLR by setting the kernel parameter:
sysctl -w kernel.randomize_va_space=2
2. Make the setting persistent by adding or editing /etc/sysctl.conf:
kernel.randomize_va_space = 2
3. Reload sysctl settings:
sysctl -p
Backout Plan:
Using Linux command line:
- To disable or reduce ASLR, set:
sysctl -w kernel.randomize_va_space=0
Remove or modify the entry in /etc/sysctl.conf.
Reload sysctl settings.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
Linux Kernel Documentation - ASLR