highsystemverified ✓rollback-safe
Enable Address Space Layout Randomization (ASLR)
aslr-enabled · UBUNTU ≥ 22, RHEL ≥ 8 · 1 impl
Description
ASLR randomizes memory addresses used by system and application processes, making it more difficult for attackers to exploit memory corruption vulnerabilities.
Rationale
ASLR is a key defense against buffer overflow and memory corruption attacks. By randomizing memory layout, attackers cannot reliably predict target addresses for exploitation.
Check → Remediate
Checksysctl_value
- key:
- kernel.randomize_va_space
- expected:
- 2
Remediatesysctl_set
- key:
- kernel.randomize_va_space
- value:
- 2
Framework references
CIS
rhel8 1.5.8rhel9 1.5.3rhel10 1.5.8ubuntu24 1.5.2
STIG
V-230280V-257809V-270772 / UBTU-24-700310V-260474 / UBTU-22-213020V-281315 / RHEL-10-701130
NIST 800-53
SC-39
Live verification
rhel10:checkrhel8:checkrhel9:checkubuntu22:checkubuntu24:checkubuntu26:check
#aslr#security#memory#sysctl