OL 8 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-248827 | OL08-00-040010 | SV-248827r1134850_rule | CCI-000381 | high |
| Description | ||||
| The EPEL is a repository of high-quality open-source packages for enterprise-class Linux distributions such as RHEL, CentOS, AlmaLinux, Rocky Linux, and Oracle Linux. These packages are not part of the official distribution but are built using the same Fedora build system to ensure compatibility and maintain quality standards. | ||||
| STIG | Date | |||
| Oracle Linux 8 Security Technical Implementation Guide | 2026-02-13 | |||
Details
Check Text (C-248827r1134850_chk)
Verify that OL 8 is not able to install packages from the EPEL with the following command:
$ dnf repolist
repo id repo name
ol8_UEKR7 Latest Unbreakable Enterprise Kernel Release 7 for Oracle Linux 8 (x86_64)
ol8_appstream Oracle Linux 8 Application Stream (x86_64)
ol8_baseos_latest Oracle Linux 8 BaseOS Latest (x86_64)
If any repositories containing the word "epel" in the name exist, this is a finding.
Fix Text (F-52215r1134849_fix)
The repo package can be manually removed with the following command:
$ sudo dnf remove epel-release
Configure OL 8 to disable use of the EPEL repository with the following command:
$ sudo dnf config-manager --set-disabled epel