[PATCH] Created a check to ensure prelinking has been disabled and added the oval id to the disable_prelink rule inside the integrity.xml file.

Fri, 08 Nov 2013 06:45:39 -0800 

Signed-off-by: Caleb Cooper <[email protected]>
---
 RHEL6/input/checks/disable_prelink.xml    |   24 ++++++++++++++++++++++++
 RHEL6/input/system/software/integrity.xml |    1 +
 2 files changed, 25 insertions(+), 0 deletions(-)
 create mode 100644 RHEL6/input/checks/disable_prelink.xml

diff --git a/RHEL6/input/checks/disable_prelink.xml 
b/RHEL6/input/checks/disable_prelink.xml
new file mode 100644
index 0000000..5bebdc0
--- /dev/null
+++ b/RHEL6/input/checks/disable_prelink.xml
@@ -0,0 +1,24 @@
+<def-group>
+  <definition class="compliance" id="disable_prelink" version="1">
+    <metadata>
+      <title>Disable Prelinking</title>
+      <affected family="unix">
+        <platform>Red Hat Enterprise Linux 6</platform>
+      </affected>
+      <description>The prelinking feature can interfere with the operation of 
AIDE, because it changes binaries. </description>
+    </metadata>
+    <criteria>
+      <criterion comment="Ensure prelinking is diabled" 
test_ref="test_prelinking_no" />
+    </criteria>
+  </definition>
+  <ind:textfilecontent54_test check="all" check_existence="all_exist"
+  comment="Tests whether prelinking is disabled"
+  id="test_prelinking_no" version="1">
+    <ind:object object_ref="obj_prelinking_no" />
+  </ind:textfilecontent54_test>
+  <ind:textfilecontent54_object id="obj_prelinking_no" version="1">
+    <ind:filepath>/etc/sysconfig/prelink</ind:filepath>
+    <ind:pattern operation="pattern match">^PRELINKING=no$</ind:pattern>
+    <ind:instance datatype="int">1</ind:instance>
+  </ind:textfilecontent54_object>
+</def-group>
diff --git a/RHEL6/input/system/software/integrity.xml 
b/RHEL6/input/system/software/integrity.xml
index b180f3a..4807009 100644
--- a/RHEL6/input/system/software/integrity.xml
+++ b/RHEL6/input/system/software/integrity.xml
@@ -60,6 +60,7 @@ The prelinking feature can interfere with the operation
 of AIDE, because it changes binaries.
 </rationale>
 <ident cce="27221-1" />
+<oval id="disable_prelink" />
 <ref nist="CM-6(d),CM-6(3),SC-28, SI-7" />
 </Rule>
 
-- 
1.7.1

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

Reply via email to