AlmaLinux OS 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-269452 | ALMA-09-044900 | SV-269452r1050335_rule | CCI-002824 | medium |
| Description | ||||
| ASLR makes it more difficult for an attacker to predict the location of attack code they have introduced into a process' address space during an attempt at exploitation. Additionally, ASLR makes it more difficult for an attacker to know the location of existing code to repurpose it using return oriented programming (ROP) techniques. | ||||
| STIG | Date | |||
| Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide | 2026-02-27 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
SI-16
1.00
- DISA · V1R6 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-002824
1.00
- DISA · V1R6 · disa_xccdf · related
Details
Check Text (C-269452r1050335_chk)
Verify AlmaLinux OS 9 is implementing ASLR with the following command:
$ sysctl kernel.randomize_va_space
kernel.randomize_va_space = 2
If "kernel.randomize_va_space" is not set to "2", or is missing, this is a finding.
Fix Text (F-73384r1048733_fix)
Configure the system to enable ASLR with the following command:
$ echo 'kernel.randomize_va_space = 2' > /etc/sysctl.d/60-aslr.conf
Reload settings from all system configuration files with the following command:
$ sysctl --system