{"description": "In support of Kernel Address Space Layout Randomization (KASLR), this randomizes the physical\naddress at which the kernel image is decompressed and the virtual address where the kernel\nimage is mapped.\n\nThe configuration that was used to build kernel is available at <tt>/boot/config-*</tt>.\n    To check the configuration value for <tt>CONFIG_RANDOMIZE_BASE</tt>, run the following command:\n    <tt>grep CONFIG_RANDOMIZE_BASE /boot/config-*</tt>\n    \n    For each kernel installed, a line with value \"y\" should be returned.\n    ", "rationale": "An unpredictable kernel address makes it more difficult to succeed with exploits that rely on\nknowledge of the location of kernel code internals.", "severity": "medium", "references": {"anssi": ["R25", "R27"]}, "control_references": {"anssi": ["R25", "R27"]}, "components": [], "identifiers": {}, "ocil_clause": "the kernel was not built with the required value", "ocil": "To determine the config value the kernel was built with, run the following command:\n    <pre>$ grep CONFIG_RANDOMIZE_BASE /boot/config.*</pre>\n    \n    For each kernel installed, a line with value \"y\" should be returned.\n    ", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "There is no remediation for this besides re-compiling the kernel with the appropriate value for the config."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Randomize the address of the kernel image (KASLR)", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/kernel_build_config/kernel_config_randomize_base/rule.yml", "template": {"name": "kernel_build_config", "vars": {"config": "CONFIG_RANDOMIZE_BASE", "value": "y"}, "backends": {}}}