From 2758b47f5b9a9a850e8a1b612cac3403e26c5715 Mon Sep 17 00:00:00 2001
From: gbucchino <gbucchino@fortinet-us.com>
Date: Thu, 14 Sep 2023 08:13:37 +0200
Subject: [PATCH] Move kernel sysctl

---
 audit/system/plugins/kernel_va_space.py | 13 -------------
 audit/system/plugins/sysctl.py          | 10 ++++++++++
 2 files changed, 10 insertions(+), 13 deletions(-)
 delete mode 100644 audit/system/plugins/kernel_va_space.py

diff --git a/audit/system/plugins/kernel_va_space.py b/audit/system/plugins/kernel_va_space.py
deleted file mode 100644
index fab6582..0000000
--- a/audit/system/plugins/kernel_va_space.py
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env python3
-
-def kernel_va_space() -> list:
-    va = list()
-    sysctl.append({
-        "from": "cis",
-        "id": "",
-        "description": "",
-        "flag": "kernel.randomize_va_space",
-        "value": 2,
-        "level": "medium",
-    })
-    return va
diff --git a/audit/system/plugins/sysctl.py b/audit/system/plugins/sysctl.py
index 095e51d..564f08b 100644
--- a/audit/system/plugins/sysctl.py
+++ b/audit/system/plugins/sysctl.py
@@ -214,6 +214,16 @@ def sysctl() -> list:
         "value": 0,
         "level": "medium",
     })
+    # Random VirtualAddress
+    sysctl.append({
+        "from": "cis",
+        "id": "",
+        "description": "Enable random VirtualAddress space for avoiding buffer overflow attacks",
+        "flag": "kernel.randomize_va_space",
+        "value": 2,
+        "level": "medium",
+    })
+
 
 
     return sysctl