Merge pull request #4986 from ggbecker/fix-grub2-enable-fips-mode-rule

Fix grub2 enable fips mode rule
ComplianceAsCode · Nov 11, 2019 · d12afbb · d12afbb
2 parents 6048b34 + 6c71820
commit d12afbb
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 15 deletions.
diff --git a/...x_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/anaconda/shared.anaconda b/...x_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/anaconda/shared.anaconda
@@ -1,3 +1,3 @@
 # platform = Red Hat Enterprise Linux 7,Oracle Linux 7
 
-package --add=dracut-fips
+package --add=dracut-fips --add=dracut-fips-aesni
diff --git a/shared/macros-bash.jinja b/shared/macros-bash.jinja
@@ -89,21 +89,19 @@ apt-get remove -y "{{{ package }}}"
 
 {{%- macro bash_disable_prelink() -%}}
 # prelink not installed
-if test ! -e /etc/sysconfig/prelink -a ! -e /usr/sbin/prelink; then
-    return 0
-fi
-
-if grep -q ^PRELINKING /etc/sysconfig/prelink
-then
-    sed -i 's/^PRELINKING[:blank:]*=[:blank:]*[:alpha:]*/PRELINKING=no/' /etc/sysconfig/prelink
-else
-    printf '\n' >> /etc/sysconfig/prelink
-    printf '%s\n' '# Set PRELINKING=no per security requirements' 'PRELINKING=no' >> /etc/sysconfig/prelink
-fi
+if test -e /etc/sysconfig/prelink -o -e /usr/sbin/prelink; then
+    if grep -q ^PRELINKING /etc/sysconfig/prelink
+    then
+        sed -i 's/^PRELINKING[:blank:]*=[:blank:]*[:alpha:]*/PRELINKING=no/' /etc/sysconfig/prelink
+    else
+        printf '\n' >> /etc/sysconfig/prelink
+        printf '%s\n' '# Set PRELINKING=no per security requirements' 'PRELINKING=no' >> /etc/sysconfig/prelink
+    fi
 
-# Undo previous prelink changes to binaries if prelink is available.
-if test -x /usr/sbin/prelink; then
-    /usr/sbin/prelink -ua
+    # Undo previous prelink changes to binaries if prelink is available.
+    if test -x /usr/sbin/prelink; then
+        /usr/sbin/prelink -ua
+    fi
 fi
 {{%- endmacro -%}}