[CLOSED] - grub.conf and audit=1 security change
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
[CLOSED] - grub.conf and audit=1 security change
I have a requirement to set audit=1 on the end of each and every "kernel" line inside of the /boot/grub/grub.conf file; only on my system I don't actually have a /boot/grub/grub.conf file; but I do have a /etc/grub.conf file.
Any ideas, because the tool that checks for the audit=1 setting in the last position on the kernel line is also looking for it to be specifically in the path-to-file /boot/grub/grub.conf.
Thanks in advance,
Any ideas, because the tool that checks for the audit=1 setting in the last position on the kernel line is also looking for it to be specifically in the path-to-file /boot/grub/grub.conf.
Thanks in advance,
Last edited by warron.french on 2017/07/14 17:13:13, edited 1 time in total.
Thanks,
War
War
Re: grub.conf and audit=1 security change
what is /etc/grub.conf a symlink to if you do not have a /boot/grub/grub.conf file? It ought to look like
Code: Select all
lrwxrwxrwx. 1 root root 22 Feb 2 2014 /etc/grub.conf -> ../boot/grub/grub.conf
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 10642
- Joined: 2005/08/05 15:19:54
- Location: Northern Illinois, USA
Re: grub.conf and audit=1 security change
Post the output of "uname -a".
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: grub.conf and audit=1 security change
On my newly reimaged machine the file is only /etc/grub.conf, but as I said there is no /boot/grub/grub.conf at all. In fact it is not a symlink on this newly reimaged (with CentOS-6.7) machine.TrevorH wrote:what is /etc/grub.conf a symlink to if you do not have a /boot/grub/grub.conf file? It ought to look like
Code: Select all
lrwxrwxrwx. 1 root root 22 Feb 2 2014 /etc/grub.conf -> ../boot/grub/grub.conf
I see Gerald asked a question that seems to target another detail that may help in this discussion.
Thanks,
War
War
Re: grub.conf and audit=1 security change
The only way in which the symlink from /etc/grub.conf to its target will be broken is if you use e.g. sed in a kickstart postscript to change the contents of the file. Without the correct parameter, sed will remove the symlink and recreate it as a file.
Are you sure the /boot partition is mounted when you look for the file in the correct location? Is this a machine using UEFI?
Are you sure the /boot partition is mounted when you look for the file in the correct location? Is this a machine using UEFI?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 10642
- Joined: 2005/08/05 15:19:54
- Location: Northern Illinois, USA
Re: grub.conf and audit=1 security change
If this is a container, it may not have a "/boot".
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: grub.conf and audit=1 security change
Gerald_clark, here is the result of uname -a from my machine that doesn't behave like the one I was using as a baseline system...gerald_clark wrote:Post the output of "uname -a".
2.6.32-573.22.1.el6.x86_64
Thanks,
Thanks,
War
War
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: grub.conf and audit=1 security change
gerald_clark wrote:If this is a container, it may not have a "/boot".
This is not a container, it is a real workstation running on the bare metal.
Thanks,
Thanks,
War
War
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: grub.conf and audit=1 security change
TrevorH, I did actually use a sed script to alter the lines actually; but what do you mean by "Without the correct parameter, sed will remove the symlink and recreate it as a file" ? What is the correct parameter I am looking for?TrevorH wrote:The only way in which the symlink from /etc/grub.conf to its target will be broken is if you use e.g. sed in a kickstart postscript to change the contents of the file. Without the correct parameter, sed will remove the symlink and recreate it as a file.
Are you sure the /boot partition is mounted when you look for the file in the correct location? Is this a machine using UEFI?
Thanks,
Thanks,
War
War
Re: grub.conf and audit=1 security change
There's only one mention of "symlinks" in man sed
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke