Set the system flag to force randomized virtual memory region placement.
Disabled = No ASLR (Memory address would not be randomizaed)
Conservative Randomization == Randomize addresses for Stack, Heap, Shared Libs, PIE, mmap(), VDRO
Full Randomization = Conservative Randomization + memory managed via brk()
Rationale:
Randomly placing virtual memory regions will make it difficult to write memory page exploits as the memory placement will be consistently shifting.
[Disabled/Conservative Randomization/Full Randomization]
Add the following line to the /etc/sysctl.conf file.
kernel.randomize_va_space = 2
oval:org.secpod.oval:def:46174
SCAP Repo OVAL Definition
2018-07-06