[CLOSED] - grub.conf and audit=1 security change

Support for security such as Firewalls and securing linux
User avatar
warron.french
Posts: 521
Joined: 2014/03/27 20:21:58

[CLOSED] - grub.conf and audit=1 security change

Post by warron.french » 2016/06/17 03:56:47

I have a requirement to set audit=1 on the end of each and every "kernel" line inside of the /boot/grub/grub.conf file; only on my system I don't actually have a /boot/grub/grub.conf file; but I do have a /etc/grub.conf file.


Any ideas, because the tool that checks for the audit=1 setting in the last position on the kernel line is also looking for it to be specifically in the path-to-file /boot/grub/grub.conf.


Thanks in advance,
Last edited by warron.french on 2017/07/14 17:13:13, edited 1 time in total.
Thanks,
War

User avatar
TrevorH
Forum Moderator
Posts: 29654
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: grub.conf and audit=1 security change

Post by TrevorH » 2016/06/17 10:33:36

what is /etc/grub.conf a symlink to if you do not have a /boot/grub/grub.conf file? It ought to look like

Code: Select all

lrwxrwxrwx. 1 root root 22 Feb  2  2014 /etc/grub.conf -> ../boot/grub/grub.conf
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: grub.conf and audit=1 security change

Post by gerald_clark » 2016/06/17 13:00:45

Post the output of "uname -a".

User avatar
warron.french
Posts: 521
Joined: 2014/03/27 20:21:58

Re: grub.conf and audit=1 security change

Post by warron.french » 2016/06/17 13:28:39

TrevorH wrote:what is /etc/grub.conf a symlink to if you do not have a /boot/grub/grub.conf file? It ought to look like

Code: Select all

lrwxrwxrwx. 1 root root 22 Feb  2  2014 /etc/grub.conf -> ../boot/grub/grub.conf
On my newly reimaged machine the file is only /etc/grub.conf, but as I said there is no /boot/grub/grub.conf at all. In fact it is not a symlink on this newly reimaged (with CentOS-6.7) machine.

I see Gerald asked a question that seems to target another detail that may help in this discussion.
Thanks,
War

User avatar
TrevorH
Forum Moderator
Posts: 29654
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: grub.conf and audit=1 security change

Post by TrevorH » 2016/06/17 14:53:00

The only way in which the symlink from /etc/grub.conf to its target will be broken is if you use e.g. sed in a kickstart postscript to change the contents of the file. Without the correct parameter, sed will remove the symlink and recreate it as a file.

Are you sure the /boot partition is mounted when you look for the file in the correct location? Is this a machine using UEFI?
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: grub.conf and audit=1 security change

Post by gerald_clark » 2016/06/17 15:10:46

If this is a container, it may not have a "/boot".

User avatar
warron.french
Posts: 521
Joined: 2014/03/27 20:21:58

Re: grub.conf and audit=1 security change

Post by warron.french » 2016/06/20 17:24:10

gerald_clark wrote:Post the output of "uname -a".
Gerald_clark, here is the result of uname -a from my machine that doesn't behave like the one I was using as a baseline system...

2.6.32-573.22.1.el6.x86_64


Thanks,
Thanks,
War

User avatar
warron.french
Posts: 521
Joined: 2014/03/27 20:21:58

Re: grub.conf and audit=1 security change

Post by warron.french » 2016/06/20 17:25:11

gerald_clark wrote:If this is a container, it may not have a "/boot".

This is not a container, it is a real workstation running on the bare metal.

Thanks,
Thanks,
War

User avatar
warron.french
Posts: 521
Joined: 2014/03/27 20:21:58

Re: grub.conf and audit=1 security change

Post by warron.french » 2016/06/20 17:26:49

TrevorH wrote:The only way in which the symlink from /etc/grub.conf to its target will be broken is if you use e.g. sed in a kickstart postscript to change the contents of the file. Without the correct parameter, sed will remove the symlink and recreate it as a file.

Are you sure the /boot partition is mounted when you look for the file in the correct location? Is this a machine using UEFI?
TrevorH, I did actually use a sed script to alter the lines actually; but what do you mean by "Without the correct parameter, sed will remove the symlink and recreate it as a file" ? What is the correct parameter I am looking for?

Thanks,
Thanks,
War

User avatar
TrevorH
Forum Moderator
Posts: 29654
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: grub.conf and audit=1 security change

Post by TrevorH » 2016/06/20 23:40:40

There's only one mention of "symlinks" in man sed
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 6 - Security Support”