1.6.2 Configure ExecShield - kernel.exec-shield = 1

Information

ExecShield is made up of a number of kernel features that provide protection against buffer overflow attacks. These features include prevention of execution in memory data space, and special handling of text buffers.

Rationale:

Enabling any feature that can protect against buffer overflow attacks enhances the security of the system.

Solution

Add the following line to the /etc/sysctl.conf file.

kernel.exec-shield = 1
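
One way to verify the setting in a sysctl-style file, added here as an example (it is not part of the benchmark or of the audit plugin). The function names are hypothetical; the script assumes the last assignment in the file is the effective one and that `/` may be used in place of `.` in the key.

```shell
#!/bin/sh
# Added example: audit a sysctl-style config file for kernel.exec-shield = 1.
# Function names are illustrative, not taken from any audit tool.

# Print the effective value of kernel.exec-shield in FILE.
# The file is applied top to bottom, so the last assignment wins.
# Prints nothing when the key is never assigned.
exec_shield_value() {
    awk '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next               # not an assignment
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub("/", ".", key)             # kernel/exec-shield == kernel.exec-shield
            if (key == "kernel.exec-shield") last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# Return 0 if FILE sets kernel.exec-shield to 1, 1 if it is unset or has
# another value, 2 if FILE cannot be read. Defaults to /etc/sysctl.conf.
audit_exec_shield() {
    file=${1:-/etc/sysctl.conf}
    if [ ! -r "$file" ]; then
        echo "FAIL: cannot read $file"
        return 2
    fi
    value=$(exec_shield_value "$file")
    if [ "$value" = "1" ]; then
        echo "PASS: kernel.exec-shield = 1 in $file"
        return 0
    fi
    echo "FAIL: kernel.exec-shield is '${value:-unset}' in $file"
    return 1
}
```

Source the script and run `audit_exec_shield` with no argument to check /etc/sysctl.conf; a commented-out line or an earlier `= 1` overridden by a later `= 0` is reported as a failure.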

Default Value:

OS Default: Yes

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv6|8.4, CSCv7|5.1

Plugin: Unix

Control ID: 7741f45c06e08deda658261395e84427e4ee1e2cdd2ef9633432e6cbc636ba9f