STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

YUM must remove all software components after updated versions have been installed on RHEL 8.

DISA Rule

SV-230281r627750_rule

Vulnerability Number

V-230281

Group Title

SRG-OS-000437-GPOS-00194

Rule Version

RHEL-08-010440

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to remove all software components after updated versions have been installed.

Set the "clean_requirements_on_remove" option to "True" in the "/etc/dnf/dnf.conf" file:

clean_requirements_on_remove=True

Check Contents

Verify the operating system removes all software components after updated versions have been installed.

Check if YUM is configured to remove unneeded packages with the following command:

$ sudo grep -i clean_requirements_on_remove /etc/dnf/dnf.conf

clean_requirements_on_remove=True

If "clean_requirements_on_remove" is not set to either "1", "True", or "yes", commented out, or is missing from "/etc/dnf/dnf.conf", this is a finding.

Vulnerability Number

V-230281

Documentable

False

Rule Version

RHEL-08-010440

Severity Override Guidance

Verify the operating system removes all software components after updated versions have been installed.

Check if YUM is configured to remove unneeded packages with the following command:

$ sudo grep -i clean_requirements_on_remove /etc/dnf/dnf.conf

clean_requirements_on_remove=True

If "clean_requirements_on_remove" is not set to either "1", "True", or "yes", commented out, or is missing from "/etc/dnf/dnf.conf", this is a finding.

Check Content Reference

M

Target Key

2921

Comments