Package "prelink" Must not be Installed

Docs > Plateforme de sécurité Datadog > OOTB Rules > Package "prelink" Must not be Installed

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

The prelink package can be removed with the following command:


 $ apt-get remove prelink

Rationale

The use of the prelink package can interfere with the operation of AIDE since it binaries. Prelinking can also increase damage caused by vulnerability in a common library like libc.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

#!/bin/bash

if [[ -f /usr/sbin/prelink ]];
then
prelink -ua
fi

DEBIAN_FRONTEND=noninteractive apt-get remove -y "prelink"

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Check If Prelinked Is Installed
  ansible.builtin.stat:
    path: /usr/sbin/prelink
    get_checksum: false
  register: prelink
  tags:
  - disable_strategy
  - low_disruption
  - medium_complexity
  - medium_severity
  - no_reboot_needed
  - package_prelink_removed

- name: Restore Prelinked Binaries
  ansible.builtin.command:
    cmd: prelink -ua
  when: prelink.stat.exists
  tags:
  - disable_strategy
  - low_disruption
  - medium_complexity
  - medium_severity
  - no_reboot_needed
  - package_prelink_removed

- name: Ensure prelink is Removed
  ansible.builtin.package:
    name: prelink
    state: absent
  tags:
  - disable_strategy
  - low_disruption
  - medium_complexity
  - medium_severity
  - no_reboot_needed
  - package_prelink_removed