On 11/30/13, 11:35 AM, Dave Smith wrote:
This looks great, please push!

On 11/27/2013 10:40 AM, Jan Lieskovsky wrote:
Proposal for the "2.1.3.1.b. Disable Prelinking"
rule remediation.

Please review.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

0001-RHEL6-Add-remediation-for-Disable-Prelinking-rule.patch

From 102d335388c881e6f825b48c54e33f0e1e623767 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <jlieskov@redhat.com>
Date: Wed, 27 Nov 2013 16:36:04 +0100
Subject: [PATCH] [RHEL6] Add remediation for Disable Prelinking rule

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
---
 RHEL6/input/fixes/bash/disable_prelink.sh | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 RHEL6/input/fixes/bash/disable_prelink.sh

diff --git a/RHEL6/input/fixes/bash/disable_prelink.sh b/RHEL6/input/fixes/bash/disable_prelink.sh
new file mode 100644
index 0000000..98dc85d
--- /dev/null
+++ b/RHEL6/input/fixes/bash/disable_prelink.sh
@@ -0,0 +1,9 @@
+#
+# Disable prelinking altogether
+#
+sed -i "s/PRELINKING.*/PRELINKING=no/g" /etc/sysconfig/prelink
+
+#
+# Undo previous prelink changes to binaries
+#
+/usr/sbin/prelink -ua
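Review bot: the `sed -i "s/PRELINKING.*/PRELINKING=no/g" /etc/sysconfig/prelink` line is unanchored, so a commented-out setting such as `#PRELINKING=yes` is rewritten to `#PRELINKING=no`, which is still commented and changes nothing, and a file with no PRELINKING line at all is left untouched while `/usr/sbin/prelink -ua` still runs; suggest matching `^PRELINKING` and, when no active line exists, appending `PRELINKING=no` (the same grep/sed/else-append pattern the other bash fixes use), and guarding the `prelink -ua` call on the hard-coded path existing so the remediation does not fail on hosts without the prelink package.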
-- 
1.8.3.1


What if PRELINK was commented out? e.g.

# grep PRELINKING /etc/sysconfig/prelink
#PRELINKING=commented
[root@SSG-RHEL6 shared]# sed -i "s/PRELINKING.*/PRELINKING=no/g" /etc/sysconfig/prelink
[root@SSG-RHEL6 shared]# grep PRELINKING /etc/sysconfig/prelink
#PRELINKING=no


That's why the sysctl (+others) use something like:

if grep --silent ^PRELINKING /etc/sysconfig/prelink ; then
       sed -i 's/^PRELINKING.*/PRELINKING=no/g' /etc/sysconfig/prelink
else
       echo "" >> /etc/sysconfig/prelink
       echo "# Set PRELINKING=no per security requirements" >> /etc/sysconfig/prelink
       echo "PRELINKING=no" >> /etc/sysconfig/prelink
fi
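The same grep/sed/else-append idea, as an added example that is not code from the SSG patch or from the thread: a small POSIX sh setter for sysconfig-style files that handles the three states the reply above distinguishes (an active `KEY=` line, a commented-out `#KEY=` line, no line at all) and can be exercised against a constructed copy of the file instead of /etc/sysconfig/prelink. The function names, the sample file contents and the assumption that the value contains no sed metacharacters (`/` or `&`) are this example's own.

```shell
#!/bin/sh
# Added example, not code from the SSG patch or from the thread: a
# sysconfig-style key setter covering the three states discussed above
# (active line, commented-out line, no line at all).
# Function names and the sample file contents are this example's own;
# the value is assumed to contain no sed metacharacters (/ or &).

# Print the active (uncommented) value of KEY in FILE, or nothing.
# The ^ anchor is what keeps "#KEY=..." lines from matching.
get_sysconfig_key() {
    file="$1"; key="$2"
    sed -n "s/^${key}=//p" "$file" | tail -n 1
}

# Set KEY=VALUE in FILE: rewrite an active line in place, otherwise
# append one. Commented "#KEY=" lines are deliberately left alone,
# because turning them into "#KEY=VALUE" changes nothing.
set_sysconfig_key() {
    file="$1"; key="$2"; value="$3"
    [ -f "$file" ] || : > "$file"
    if grep -q "^${key}=" "$file"; then
        tmp=$(mktemp)
        sed "s/^${key}=.*/${key}=${value}/" "$file" > "$tmp"
        cat "$tmp" > "$file"      # keep the original file's mode and inode
        rm -f "$tmp"
    else
        printf '\n# Set %s=%s per security requirements\n%s=%s\n' \
            "$key" "$value" "$key" "$value" >> "$file"
    fi
}

# Demonstration on a constructed stand-in for /etc/sysconfig/prelink
# with a commented-out setting, the case the unanchored sed gets wrong.
demo_commented_case() {
    f=$(mktemp)
    printf '#PRELINKING=yes\nPRELINK_OPTS=-mR\n' > "$f"
    set_sysconfig_key "$f" PRELINKING no
    echo "--- $f after set_sysconfig_key ---"
    cat "$f"
    echo "active value: $(get_sysconfig_key "$f" PRELINKING)"
    rm -f "$f"
}

demo_commented_case
```

The temp-file-plus-`cat` dance replaces `sed -i` so the snippet runs on any POSIX sed and preserves the target file's mode and inode; on RHEL alone, `sed -i` as in the thread is fine. Reading the value back through the same anchored pattern is also a cheap way to verify the remediation actually took effect rather than only rewriting a comment.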