diff --git a/controls/cis_rhel7.yml b/controls/cis_rhel7.yml
index 70f19a1b343..097caeafcb1 100644
--- a/controls/cis_rhel7.yml
+++ b/controls/cis_rhel7.yml
@@ -401,9 +401,9 @@ controls:
       levels:
       - l1_server
       - l1_workstation
-      status: planned
-      notes: >-
-          The rule to remove prelink package is missing.
+      status: automated
+      rules:
+      - package_prelink_removed
 
     - id: 1.6.1.1
       title: Ensure SELinux is installed (Automated)
diff --git a/linux_os/guide/system/software/integrity/package_prelink_removed/ansible/shared.yml b/linux_os/guide/system/software/integrity/package_prelink_removed/ansible/shared.yml
new file mode 100644
index 00000000000..69c9208f7e5
--- /dev/null
+++ b/linux_os/guide/system/software/integrity/package_prelink_removed/ansible/shared.yml
@@ -0,0 +1,22 @@
+# platform = multi_platform_all
+# reboot = false
+# strategy = disable
+# complexity = medium
+# disruption = low
+
+- name: Check If Prelinked Is Installed
+  ansible.builtin.stat:
+    path: /usr/sbin/prelink
+    get_checksum: no
+  register: prelink
+
+- name: Restore Prelinked Binaries
+  ansible.builtin.shell:
+    cmd: prelink -ua
+  when: prelink.stat.exists
+
+- name: Ensure prelink is Removed
+  ansible.builtin.package:
+    name: "prelink"
+    state: absent
+
diff --git a/linux_os/guide/system/software/integrity/package_prelink_removed/bash/shared.sh b/linux_os/guide/system/software/integrity/package_prelink_removed/bash/shared.sh
new file mode 100644
index 00000000000..65d1f61dcff
--- /dev/null
+++ b/linux_os/guide/system/software/integrity/package_prelink_removed/bash/shared.sh
@@ -0,0 +1,12 @@
+# platform = multi_platform_all
+# reboot = false
+# strategy = disable
+# complexity = medium
+# disruption = low
+
+if [[ -f /usr/sbin/prelink ]];
+then
+prelink -ua
+fi
+
+{{{ bash_package_remove(package="prelink") }}}
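Review bot: The `Restore Prelinked Binaries` task runs `prelink -ua` through `ansible.builtin.shell` although the command needs no shell features, and it carries no `changed_when`, so every play run reports a change for this task; `ansible.builtin.command` with the same absolute path the stat task already checked is the tighter form. `get_checksum: no` is a YAML 1.1 truthy spelling — write `get_checksum: false`. The header `strategy = disable` reads oddly for a remediation whose end state is package removal; if the content guidelines allow `remove`, that is presumably the intended value. The ordering matters for integrity tooling and deserves a comment on the restore task, e.g. `# undo prelinking first: original binaries must be restored before the package (and the prelink tool itself) is removed`.
```yaml
# … unchanged: header comments and the stat task registering `prelink` …
- name: Restore Prelinked Binaries
  ansible.builtin.command:
    cmd: /usr/sbin/prelink -ua
  when: prelink.stat.exists
  changed_when: true
# … unchanged: package removal task …
```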
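Review bot: The `if` body invokes `prelink` by bare name while the guard tests `/usr/sbin/prelink`, so under a restricted PATH the guard passes but the call itself can fail, and the prelinked binaries stay in place when the package is then removed by `bash_package_remove`. Use the same absolute path in both places and drop the stray `;` before the newline `then`: `if [[ -f /usr/sbin/prelink ]]; then`, `    /usr/sbin/prelink -ua`, `fi`. A one-line comment above the guard would help the next reader: `# Undo prelinking so binaries return to their original form before the tool is removed`. As in the Ansible remediation, `strategy = disable` looks like a mismatch for a package-removal remediation if `remove` is an accepted value.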
diff --git a/linux_os/guide/system/software/integrity/package_prelink_removed/rule.yml b/linux_os/guide/system/software/integrity/package_prelink_removed/rule.yml
new file mode 100644
index 00000000000..da04ac61211
--- /dev/null
+++ b/linux_os/guide/system/software/integrity/package_prelink_removed/rule.yml
@@ -0,0 +1,27 @@
+documentation_complete: true
+
+prodtype: rhel7
+
+title: 'Package "prelink" Must not be Installed'
+
+description: |-
+    {{{ describe_package_remove(package="prelink") }}}
+
+
+rationale: |-
+    The use of the prelink package can interfere with the operation of AIDE since it binaries.
+    Prelinking can also increase damage caused by vulnerability in a common library like libc.
+
+severity: medium
+
+identifiers:
+    cce@rhel7: CCE-86562-6
+
+references:
+    cis@rhel7: 1.5.4
+
+template:
+    name: package_removed
+    vars:
+        pkgname: prelink
+
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index dc651e6a550..2343ef340ee 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -365,7 +365,6 @@ CCE-86558-4
 CCE-86559-2
 CCE-86560-0
 CCE-86561-8
-CCE-86562-6
 CCE-86563-4
 CCE-86564-2
 CCE-86565-9
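Review bot: The first `rationale` sentence is missing its verb — `since it binaries` should read `since it changes binaries` (or `modifies binaries`), which is what makes the AIDE interference concrete for the reader. `prodtype: rhel7` limits the rule to one product while both remediation headers declare `platform = multi_platform_all`; one of the two is presumably wider or narrower than intended and they should agree. The rule both declares `template: package_removed` and ships hand-written ansible/bash remediations; if the build prefers rule-local content over templated output, the bespoke versions win, which is the desired outcome here because they undo prelinking before removal, but a comment above `template:` such as `# bespoke bash/ansible remediations override the templated ones so prelink -ua runs first` would spare the next reader the question.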