Automation Controller must install security-relevant software updates within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-256911 | APAS-AT-000122 | SV-256911r961683_rule | CCI-002605 | medium |
| Description | ||||
| Security relevant software updates must be installed within the timeframes directed by an authoritative source in order to maintain the integrity and confidentiality of the system and its organizational assets. | ||||
| STIG | Date | |||
| Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide | 2025-05-23 | |||
Details
Check Text (C-256911r961683_chk)
As a system administrator for each Automation Controller host inspect the status of the DNF Automatic timer:
systemctl status dnf-automatic.timer
If "Active: active" is not included in the output, this is a finding.
Inspect the configuration of DNF Automatic:
grep apply_updates /etc/dnf/automatic.conf
If "apply_updates = yes" is not displayed, this is a finding.
Fix Text (F-60528r902302_fix)
Install and enable DNF Automatic:
dnf install dnf-automatic
(run the install)
systemctl enable --now dnf-automatic.timer
Modify /etc/dnf/automatic.conf and set "apply_updates = yes".