Add kernel.randomize_va_space = 2

TommyTran732 · TommyTran732 · commit e6fd4508729c · 2025-05-28T05:41:11.000-07:00
Signed-off-by: Tommy &lt;contact@tommytran.io&gt;
diff --git a/etc/sysctl.d/99-server.conf b/etc/sysctl.d/99-server.conf
@@ -51,6 +51,10 @@ kernel.unprivileged_userns_clone = 0
 # Needed for gVisor, which is used on almost all of my servers.
 kernel.yama.ptrace_scope = 1
 
+# https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
+# Use strongest ALSR mode
+kernel.randomize_va_space = 2
+
 # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl
 # Restrict performance events from unprivileged users as much as possible.
 # We are using 4 here, since Ubuntu supports such a level.
diff --git a/etc/sysctl.d/99-workstation.conf b/etc/sysctl.d/99-workstation.conf
@@ -45,6 +45,10 @@ kernel.unprivileged_userns_clone = 1
 # Disable ptrace. Not needed on workstations.
 kernel.yama.ptrace_scope = 3
 
+# https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
+# Use strongest ALSR mode
+kernel.randomize_va_space = 2
+
 # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl
 # Restrict performance events from unprivileged users as much as possible.
 # We are using 4 here, since Ubuntu supports such a level.
