Amazon Linux 2023 must remove all software components after updated versions have been installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-274185 | AZLX-23-002615 | SV-274185r1120543_rule | CCI-002617 | medium |

Description: Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by some adversaries.

| STIG | Date |
|---|---|
| Amazon Linux 2023 Security Technical Implementation Guide | 2026-02-27 |
Details
Check Text (C-274185r1120543_chk)
Verify Amazon Linux 2023 removes all software components after updated versions have been installed with the following command:
$ grep clean /etc/dnf/dnf.conf
clean_requirements_on_remove=1
If "clean_requirements_on_remove" is not set to "1", "True", or "yes", this is a finding.
Fix Text (F-78181r1120542_fix)
Configure Amazon Linux 2023 to remove all software components after updated versions have been installed.
Set the "clean_requirements_on_remove" option to "1" in the "/etc/dnf/dnf.conf" file:
clean_requirements_on_remove=1
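The check and fix above, as an added shell example that is not part of the STIG text: the check function reads the last uncommented assignment of clean_requirements_on_remove from a dnf.conf path (a bare `grep clean` would also match a commented-out line) and accepts the values the check text lists, and the fix function rewrites the file so that [main] carries exactly one compliant line. It assumes a POSIX sh with sed and awk, and that dnf compares boolean values case-insensitively; the demo runs on a constructed file, not the real /etc/dnf/dnf.conf.

```shell
#!/bin/sh
# Added example, not part of the STIG text. Evaluates the
# clean_requirements_on_remove check against a dnf.conf path and applies
# the fix idempotently. Unlike a bare `grep clean`, it ignores
# commented-out lines and whitespace and accepts the values the check
# text lists ("1", "True", "yes"; case is normalised, an assumption).

# check_clean_requirements FILE -> exit 0 if compliant, 1 if a finding
check_clean_requirements() {
    file="$1"
    [ -r "$file" ] || return 1
    # take the last uncommented assignment; dnf reads the file top to bottom
    value=$(sed -n 's/^[[:space:]]*clean_requirements_on_remove[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$file" \
            | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$value" in
        1|true|yes) return 0 ;;
        *)          return 1 ;;
    esac
}

# set_clean_requirements FILE -> rewrites FILE so that [main] carries
# exactly one "clean_requirements_on_remove=1" line
set_clean_requirements() {
    file="$1"
    tmp="${file}.tmp.$$"
    awk '
        # replace the first (possibly commented-out) assignment, drop the rest
        /^[ \t]*#?[ \t]*clean_requirements_on_remove[ \t]*=/ {
            if (!done) { print "clean_requirements_on_remove=1"; done = 1 }
            next
        }
        { print }
        # no assignment seen yet: put it directly under the [main] header
        /^\[main\]/ && !done { print "clean_requirements_on_remove=1"; done = 1 }
        END { if (!done) print "[main]\nclean_requirements_on_remove=1" }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Demo on a constructed dnf.conf (not a real host file): a commented-out
# setting is a finding, which the fix turns into a passing check.
demo="$(mktemp)"
printf '[main]\n# clean_requirements_on_remove=1\nbest=True\n' > "$demo"
if check_clean_requirements "$demo"; then echo "before: compliant"; else echo "before: finding"; fi
set_clean_requirements "$demo"
if check_clean_requirements "$demo"; then echo "after: compliant"; else echo "after: finding"; fi
rm -f "$demo"
```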