Automation Controller must install security-relevant software updates within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).

STIG ID: APAS-AT-000122  |  SRG: SRG-APP-000456-AS-000266 |  Severity: medium |  CCI: CCI-002605 |  Vulnerability Id: V-256911 | 

Vulnerability Discussion

Security relevant software updates must be installed within the timeframes directed by an authoritative source in order to maintain the integrity and confidentiality of the system and its organizational assets.

Check

As a system administrator for each Automation Controller host inspect the status of the DNF Automatic timer:

systemctl status dnf-automatic.timer

If "Active: active" is not included in the output, this is a finding.

Inspect the configuration of DNF Automatic:

grep apply_updates /etc/dnf/automatic.conf

If "apply_updates = yes" is not displayed, this is a finding.

Fix

Install and enable DNF Automatic:

dnf install dnf-automatic
(run the install)
systemctl enable --now dnf-automatic.timer

Modify /etc/dnf/automatic.conf and set "apply_updates = yes".
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.