Based on:
https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-November/004574.html
add remediation for the "Disable Prelinking" rule also for Fedora.
(Tested and works for me, but) Please review.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
From f07bd26f7ff2163ed532d3ea9a785dd3a2e776df Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <[email protected]>
Date: Thu, 28 Nov 2013 19:59:10 +0100
Subject: [PATCH] [Fedora] Add remediation for Disable Prelinking rule
Signed-off-by: Jan Lieskovsky <[email protected]>
---
Fedora/input/fixes/bash/disable_prelink.sh | 9 +++++++++
Fedora/scap-security-guide.spec | 1 +
2 files changed, 10 insertions(+)
create mode 100644 Fedora/input/fixes/bash/disable_prelink.sh
diff --git a/Fedora/input/fixes/bash/disable_prelink.sh b/Fedora/input/fixes/bash/disable_prelink.sh
new file mode 100644
index 0000000..98dc85d
--- /dev/null
+++ b/Fedora/input/fixes/bash/disable_prelink.sh
@@ -0,0 +1,9 @@
+#
+# Disable prelinking altogether
+#
+sed -i "s/PRELINKING.*/PRELINKING=no/g" /etc/sysconfig/prelink
+
+#
+# Undo previous prelink changes to binaries
+#
+/usr/sbin/prelink -ua
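Review bot: The sed expression `s/PRELINKING.*/PRELINKING=no/g` only rewrites a line that already contains PRELINKING, so on a system where /etc/sysconfig/prelink is missing or has no such line the setting is never written, yet the script carries on to `/usr/sbin/prelink -ua` as if it had been. The pattern is also unanchored, so it rewrites the tail of any line that mentions PRELINKING, including a comment. Suggest anchoring it as `^PRELINKING=.*`, appending `PRELINKING=no` when no line matches, and running `/usr/sbin/prelink -ua` only if that binary exists and is executable, so the remediation does not fail on hosts without prelink installed.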
diff --git a/Fedora/scap-security-guide.spec b/Fedora/scap-security-guide.spec
index 470bee1..c7f5fe8 100644
--- a/Fedora/scap-security-guide.spec
+++ b/Fedora/scap-security-guide.spec
@@ -58,6 +58,7 @@ cp -a Fedora/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man
- Include descriptions for permissions section, and rules for checking
permissions and ownership of shared library files and system executables
- Disable selected rules by default
+- Add remediation for Disable Prelinking rule
* Tue Nov 26 2013 Jan iankko Lieskovsky <[email protected]> 0.1.4.rc6-1
- Adjust service-enable-macro, service-disable-macro XSLT transforms
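Review bot: The new changelog bullet is appended to the entry that sits above the `* Tue Nov 26 2013 ... 0.1.4.rc6-1` header, and that entry's own header line is outside the visible context; please confirm it describes a build that has not been released yet, otherwise this change needs a new entry with a bumped release. The diffstat also shows this one line as the only spec change, so it is worth confirming that Fedora/input/fixes/bash/disable_prelink.sh is picked up by the build without any further spec edit.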
--
1.8.3.1