Package "prelink" Must not be Installed

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

The prelink package can be removed with the following command:


 $ apt-get remove prelink

Rationale

The use of the prelink package can interfere with the operation of AIDE since it binaries. Prelinking can also increase damage caused by vulnerability in a common library like libc.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

#!/bin/bash

if [[ -f /usr/sbin/prelink ]];
then
prelink -ua
fi

DEBIAN_FRONTEND=noninteractive apt-get remove -y "prelink"

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Check If Prelinked Is Installed
  ansible.builtin.stat:
    path: /usr/sbin/prelink
    get_checksum: false
  register: prelink
  tags:
  - disable_strategy
  - low_disruption
  - medium_complexity
  - medium_severity
  - no_reboot_needed
  - package_prelink_removed

- name: Restore Prelinked Binaries
  ansible.builtin.command:
    cmd: prelink -ua
  when: prelink.stat.exists
  tags:
  - disable_strategy
  - low_disruption
  - medium_complexity
  - medium_severity
  - no_reboot_needed
  - package_prelink_removed

- name: Ensure prelink is Removed
  ansible.builtin.package:
    name: prelink
    state: absent
  tags:
  - disable_strategy
  - low_disruption
  - medium_complexity
  - medium_severity
  - no_reboot_needed
  - package_prelink_removed
PREVIEWING: rtrieu/product-analytics-ui-changes