The Oracle Linux operating system must be a vendor supported release.

STIG ID: OL07-00-020250  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: high |  CCI: CCI-000366 |  Vulnerability Id: V-221719

Vulnerability Discussion

An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.

Check

Verify the version of the operating system is vendor supported.

Check the version of the operating system with the following command:

# cat /etc/oracle-release

Oracle Linux Server release 7.6

Current End of Premier Support for Oracle Linux 7 is Jul 2024 while Extended Support might consider extended term.

If the release is not supported by the vendor, this is a finding.

Fix

Upgrade to a supported version of the operating system.