AlmaLinux OS 9 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository.

STIG ID: ALMA-09-030820  |  SRG: SRG-OS-000095-GPOS-00049 |  Severity: medium |  CCI: CCI-000381 |  Vulnerability Id: V-269352

Vulnerability Discussion

The EPEL is a repository of high-quality open-source packages for enterprise-class Linux distributions such as RHEL, CentOS, AlmaLinux, Rocky Linux, and Oracle Linux. These packages are not part of the official distribution but are built using the same Fedora build system to ensure compatibility and maintain quality standards.

Check

Verify that AlmaLinux OS 9 is not able to install packages from the EPEL with the following command:

$ dnf repolist
repo id repo name
appstream AlmaLinux 9 - AppStream
baseos AlmaLinux 9 - BaseOS
extras AlmaLinux 9 - Extras

If any repositories containing the word "epel" in the name exist, this is a finding.

Fix

The repo package can be manually removed with the following command:

$ sudo dnf remove epel-release

Configure AlmaLinux 9 to disable use of the EPEL repository with the following command:

$ sudo dnf config-manager --set-disabled epel
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.