OL 9 must remove all software components after updated versions have been installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-271522 | OL09-00-000495 | SV-271522r1091278_rule | CCI-002617 | low |
| Description | ||||
| Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by some adversaries. | ||||
| STIG | Date | |||
| Oracle Linux 9 Security Technical Implementation Guide | 2025-05-08 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
SI-2(6)
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-002617
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-271522r1091278_chk)
Verify that OL 9 removes all software components after updated versions have been installed with the following command:
$ grep clean /etc/dnf/dnf.conf
clean_requirements_on_remove=True
If clean_requirements_on_remove is not set to "True", this is a finding.
Fix Text (F-75479r1091277_fix)
Configure OL 9 to remove all software components after updated versions have been installed.
Edit the file /etc/dnf/dnf.conf by adding or editing the following line:
clean_requirements_on_remove=1