ExternalMirrors
/
linux-formula
spogulis no https://github.com/salt-formulas/salt-formula-linux
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 1
Kods Problēmas 0 Laidieni 8 Vikivietne Aktivitāte
Saltstack Official Linux Formula
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
758 Revīzijas
26 Atzari
Koks: e85db680ac
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no 'e85db680ac'
${ noResults }
linux-formula/metadata/service/system/cis/cis-1-5-3.yml

cis-1-5-3.yml 929B
Neapstrādāts Parastais skats Vēsture

CIS compliance (sysctl, limits) * CIS 1.5.1 Ensure core dumps are restricted * CIS 1.5.3 Ensure address space layout randomization (ASLR) is enabled * CIS 3.1.2 Ensure packet redirect sending is disabled * CIS 3.2.1 Ensure source routed packets are not accepted * CIS 3.2.2 Ensure ICMP redirects are not accepted * CIS 3.2.3 Ensure secure ICMP redirects are not accepted * CIS 3.2.4 Ensure suspicious packets are logged * CIS 3.2.5 Ensure broadcast ICMP requests are ignored * CIS 3.2.6 Ensure bogus ICMP responses are ignored * CIS 3.2.7 Ensure Reverse Path Filtering is enabled * CIS 3.2.8 Ensure TCP SYN Cookies is enabled All sysctls are valid for Ubuntu 14.04, Ubuntu 16.04. Change-Id: I48f34c55d97a78c253d4810db46b2a04ff5c0c1a
pirms 6 gadiem
 12345678910111213141516171819202122232425262728293031323334353637383940 
  1. # 1.5.3 Ensure address space layout randomization (ASLR) is enabled

  2. #

  3. # Description

  4. # ===========

  5. #

  6. # Address space layout randomization (ASLR) is an exploit mitigation technique which

  7. # randomly arranges the address space of key data areas of a process.

  8. #

  9. # Rationale

  10. # =========

  11. #

  12. # Randomly placing virtual memory regions will make it difficult to write memory page

  13. # exploits as the memory placement will be consistently shifting.

  14. #

  15. # Audit

  16. # =====

  17. #

  18. # Run the following command and verify output matches:

  19. #

  20. #   # sysctl kernel.randomize_va_space

  21. #   kernel.randomize_va_space = 2

  22. #

  23. # Remediation

  24. # ===========

  25. #

  26. # Set the following parameter in the /etc/sysctl.conf file:

  27. #

  28. #   kernel.randomize_va_space = 2

  29. #

  30. # Run the following command to set the active kernel parameter:

  31. #

  32. #   # sysctl -w kernel.randomize_va_space=2

  33. 

  34. parameters:

  35.   linux:

  36.     system:

  37.       kernel:

  38.         sysctl:

  39.           kernel.randomize_va_space: 2

  40.