Set the system flag to force randomized virtual memory region placement. Disabled = No ASLR (Memory address would not be randomizaed) Conservative Randomization == Randomize addresses for Stack, Heap, Shared Libs, PIE, mmap(), VDRO Full Randomization = Conservative Randomization + memory managed via brk() Rationale: Randomly placing virtual memory regions will make it difficult to write memory page exploits as the memory placement will be consistently shifting. [Disabled/Conservative Randomization/Full Randomization] Add the following line to the /etc/sysctl.conf file. kernel.randomize_va_space = 2 oval:org.secpod.oval:def:46174 SCAP Repo OVAL Definition 2018-07-06