Based on 
https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-December/004586.html
update the existing Fedora Disable Prelinking remediation definition
(to work also in case prelinking is commented out).

Change tested && pushed to master.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
From e46bfc770ed9fb257ed6e0308de5a069bb8f475e Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <[email protected]>
Date: Mon, 2 Dec 2013 11:52:27 +0100
Subject: [PATCH] [Fedora] Fix remediation for 'Disable Prelinking' rule

Signed-off-by: Jan Lieskovsky <[email protected]>
---
 Fedora/input/fixes/bash/disable_prelink.sh | 8 +++++++-
 Fedora/scap-security-guide.spec            | 5 ++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/Fedora/input/fixes/bash/disable_prelink.sh b/Fedora/input/fixes/bash/disable_prelink.sh
index 98dc85d..888d53e 100644
--- a/Fedora/input/fixes/bash/disable_prelink.sh
+++ b/Fedora/input/fixes/bash/disable_prelink.sh
@@ -1,7 +1,13 @@
 #
 # Disable prelinking altogether
 #
-sed -i "s/PRELINKING.*/PRELINKING=no/g" /etc/sysconfig/prelink
+if grep -q ^PRELINKING /etc/sysconfig/prelink
+then
+  sed -i 's/PRELINKING.*/PRELINKING=no/g' /etc/sysconfig/prelink
+else
+  echo -e "\n# Set PRELINKING=no per security requirements" >> /etc/sysconfig/prelink
+  echo "PRELINKING=no" >> /etc/sysconfig/prelink
+fi
 
 #
 # Undo previous prelink changes to binaries
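Review bot: The sed expression in the `then` branch, `s/PRELINKING.*/PRELINKING=no/g`, is still unanchored, while the new guard tests `^PRELINKING`, so the two disagree on what counts as the setting. When an active `PRELINKING` line exists, sed also rewrites every other line containing that string, for example turning `# PRELINKING=yes` into `# PRELINKING=no`. Suggest anchoring both to the assignment and quoting the grep pattern: `grep -q '^PRELINKING=' /etc/sysconfig/prelink` and `sed -i 's/^PRELINKING=.*/PRELINKING=no/' /etc/sysconfig/prelink`. That way only the live setting is changed and the file's comments stay as shipped.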
diff --git a/Fedora/scap-security-guide.spec b/Fedora/scap-security-guide.spec
index 75876b3..cd3ff7e 100644
--- a/Fedora/scap-security-guide.spec
+++ b/Fedora/scap-security-guide.spec
@@ -5,7 +5,7 @@
 # file one level up - in the main scap-security-guide directory (instead of
 # this one).
 
-%global	fedorassgversion	4.rc8
+%global	fedorassgversion	4.rc9
 
 Name:		scap-security-guide
 Version:	0.1.%{fedorassgversion}
@@ -54,6 +54,9 @@ cp -a Fedora/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man
 %doc Fedora/LICENSE Fedora/output/ssg-fedora-guide.html
 
 %changelog
+* Mon Dec 02 2013 Jan iankko Lieskovsky <[email protected]> 0.1.4.rc9-1
+- Fix remediation for Disable Prelinking rule
+
 * Fri Nov 29 2013 Jan iankko Lieskovsky <[email protected]> 0.1.4.rc8-1
 - OVAL check and remediation for sshd's ClientAliveCountMax rule
 - OVAL check for sshd's ClientAliveInterval rule
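Review bot: The changelog entry `- Fix remediation for Disable Prelinking rule` and the commit subject both say that something was fixed but not what was broken, and the commit message has no body. Suggest naming the case being handled, i.e. that the remediation now also sets `PRELINKING=no` when `/etc/sysconfig/prelink` has no uncommented `PRELINKING` line, so that someone reading the package changelog can tell whether systems remediated with rc8 need to be re-run.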
-- 
1.8.3.1
