Package "prelink" Must not be Installed

Docs > Datadog Security > OOTB Rules > Package "prelink" Must not be Installed

Classification:

compliance

Framework:

Control:

Description

The prelink package can be removed with the following command:


 $ apt-get remove prelink

Rationale

The use of the prelink package can interfere with the operation of AIDE since it binaries. Prelinking can also increase damage caused by vulnerability in a common library like libc.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

if [[ -f /usr/sbin/prelink ]];
then
prelink -ua
fi

DEBIAN\_FRONTEND=noninteractive apt-get remove -y "prelink"

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Check If Prelinked Is Installed
 ansible.builtin.stat:
 path: /usr/sbin/prelink
 get\_checksum: false
 register: prelink
 tags:
 - disable\_strategy
 - low\_disruption
 - medium\_complexity
 - medium\_severity
 - no\_reboot\_needed
 - package\_prelink\_removed

- name: Restore Prelinked Binaries
 ansible.builtin.command:
 cmd: prelink -ua
 when: prelink.stat.exists
 tags:
 - disable\_strategy
 - low\_disruption
 - medium\_complexity
 - medium\_severity
 - no\_reboot\_needed
 - package\_prelink\_removed

- name: Ensure prelink is Removed
 ansible.builtin.package:
 name: prelink
 state: absent
 tags:
 - disable\_strategy
 - low\_disruption
 - medium\_complexity
 - medium\_severity
 - no\_reboot\_needed
 - package\_prelink\_removed