Puppet Class: cis_security_hardening::rules::enable_aslr

Defined in:
manifests/rules/enable_aslr.pp

Summary

Ensure address space layout randomization (ASLR) is enabled

Overview

Address space layout randomization (ASLR) is an exploit mitigation technique that randomly arranges the address space of key data areas of a process.

Rationale: Randomly placing virtual memory regions makes it difficult to write memory page exploits, because the memory placement is consistently shifting.

Examples:

class { 'cis_security_hardening::rules::enable_aslr':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



# File 'manifests/rules/enable_aslr.pp', line 20

class cis_security_hardening::rules::enable_aslr (
  Boolean $enforce = false,
) {
  if $enforce {
    sysctl { 'kernel.randomize_va_space':
      ensure    => present,
      permanent => 'yes',
      value     => 2,
    }
  }
}
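
To confirm on a node that the value this class manages is in effect and will survive a reboot, the following added example (not part of the module) audits both the running kernel value and the persistent configuration. It assumes persistent settings live in /etc/sysctl.conf or /etc/sysctl.d/*.conf; the function names and the root-directory argument are hypothetical.

```shell
# Added example, not module code. kernel.randomize_va_space values:
#   0 = ASLR off, 1 = stack/mmap/VDSO randomized, 2 = also the heap (brk).
# The optional first argument is a hypothetical root prefix so the audit can
# be pointed at a test tree; leave it empty to inspect the live system.

# Print each persistent assignment as "file:value", ignoring comment lines.
aslr_persistent_settings() {
    root=${1:-}
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*kernel\.randomize_va_space[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$f" |
        while read -r v; do
            printf '%s:%s\n' "$f" "$v"
        done
    done
}

# Return 0 only when the running value is 2, at least one persistent
# assignment exists, and no file assigns anything other than 2. This is
# stricter than sysctl's "last file wins" rule: a stale drop-in is a finding.
aslr_audit() {
    root=${1:-}
    rc=0
    runtime=$(cat "$root/proc/sys/kernel/randomize_va_space" 2>/dev/null || echo missing)
    if [ "$runtime" != 2 ]; then
        echo "FAIL runtime kernel.randomize_va_space=$runtime (want 2)"
        rc=1
    fi
    settings=$(aslr_persistent_settings "$root")
    if [ -z "$settings" ]; then
        echo "FAIL no persistent setting; value will not survive a reboot"
        rc=1
    fi
    bad=$(printf '%s\n' "$settings" | grep -v ':2$' || true)
    if [ -n "$bad" ]; then
        echo "FAIL conflicting persistent setting(s):"
        echo "$bad"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "PASS ASLR fully enabled and persistent"
    return "$rc"
}
```

Run `aslr_audit` with no argument on the managed host after a Puppet run; a non-zero exit status means at least one FAIL line was printed.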