-
Notifications
You must be signed in to change notification settings - Fork 710
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #10062 from Mab879/add_package_prelink_removed
Add package prelink removed
- Loading branch information
Showing
5 changed files
with
64 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
22 changes: 22 additions & 0 deletions
22
linux_os/guide/system/software/integrity/package_prelink_removed/ansible/shared.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # platform = multi_platform_all | ||
| # reboot = false | ||
| # strategy = disable | ||
| # complexity = medium | ||
| # disruption = low | ||
|
|
||
| - name: Check If Prelinked Is Installed | ||
| ansible.builtin.stat: | ||
| path: /usr/sbin/prelink | ||
| get_checksum: no | ||
| register: prelink | ||
|
|
||
| - name: Restore Prelinked Binaries | ||
| ansible.builtin.shell: | ||
| cmd: prelink -ua | ||
| when: prelink.stat.exists | ||
|
|
||
| - name: Ensure prelink is Removed | ||
| ansible.builtin.package: | ||
| name: "prelink" | ||
| state: absent | ||
|
|
12 changes: 12 additions & 0 deletions
12
linux_os/guide/system/software/integrity/package_prelink_removed/bash/shared.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| # platform = multi_platform_all | ||
| # reboot = false | ||
| # strategy = disable | ||
| # complexity = medium | ||
| # disruption = low | ||
|
|
||
| if [[ -f /usr/sbin/prelink ]]; | ||
| then | ||
| prelink -ua | ||
| fi | ||
|
|
||
| {{{ bash_package_remove(package="prelink") }}} |
27 changes: 27 additions & 0 deletions
27
linux_os/guide/system/software/integrity/package_prelink_removed/rule.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| documentation_complete: true | ||
|
|
||
| prodtype: rhel7 | ||
|
|
||
| title: 'Package "prelink" Must not be Installed' | ||
|
|
||
| description: |- | ||
| {{{ describe_package_remove(package="prelink") }}} | ||
| rationale: |- | ||
| The use of the <tt>prelink</tt> package can interfere with the operation of AIDE since it binaries. | ||
| Prelinking can also increase damage caused by vulnerability in a common library like libc. | ||
| severity: medium | ||
|
|
||
| identifiers: | ||
| cce@rhel7: CCE-86562-6 | ||
|
|
||
| references: | ||
| cis@rhel7: 1.5.4 | ||
|
|
||
| template: | ||
| name: package_removed | ||
| vars: | ||
| pkgname: prelink | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -365,7 +365,6 @@ CCE-86558-4 | |
| CCE-86559-2 | ||
| CCE-86560-0 | ||
| CCE-86561-8 | ||
| CCE-86562-6 | ||
| CCE-86563-4 | ||
| CCE-86564-2 | ||
| CCE-86565-9 | ||
|
|
||