STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

System security patches and updates must be installed and up-to-date.

DISA Rule

SV-208798r603263_rule

Vulnerability Number

V-208798

Group Title

SRG-OS-000191

Rule Version

OL6-00-000011

Severity

CAT II

CCI(s)

• CCI-001233 - The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation.

Weight

10

Fix Recommendation

If the system is joined to Oracle's Unbreakable Linux Network or an internal YUM server, run the following command to install updates

# yum update

If the system is not configured to use one of these sources, updates (in the form of RPM packages) can be manually downloaded from Oracle's Unbreakable Linux Network and installed using the "rpm" command.

Check Contents

If the system is joined to Oracle's Unbreakable Linux Network or an internal YUM server that provides updates, invoking the following command will indicate if updates are available.:

# yum check-update

If the system is not configured to update from one of these sources, run the following command to list when each package was last updated:

$ rpm -qa -last

Compare this to (1) http://linux.oracle.com/errata/ and (2) http://linux.oracle.com/cve/ to determine if the system is missing applicable security and bugfix updates. If updates are not installed, this is a finding. A ULN account is not required to obtain security updates Oracle also makes this content freely available on its Public YUM server at: http://public-yum.oracle.com/.

Vulnerability Number

V-208798

Documentable

False

Rule Version

OL6-00-000011

Severity Override Guidance

If the system is joined to Oracle's Unbreakable Linux Network or an internal YUM server that provides updates, invoking the following command will indicate if updates are available.:

# yum check-update

If the system is not configured to update from one of these sources, run the following command to list when each package was last updated:

$ rpm -qa -last

Compare this to (1) http://linux.oracle.com/errata/ and (2) http://linux.oracle.com/cve/ to determine if the system is missing applicable security and bugfix updates. If updates are not installed, this is a finding. A ULN account is not required to obtain security updates Oracle also makes this content freely available on its Public YUM server at: http://public-yum.oracle.com/.

Check Content Reference

M

Target Key

2928

Comments