OL 9 must remove all software components after updated versions have been installed.

STIG ID: OL09-00-000495  |  SRG: SRG-OS-000437-GPOS-00194 |  Severity: low |  CCI: CCI-002617 |  Vulnerability Id: V-271522

Vulnerability Discussion

Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by some adversaries.

Check

Verify that OL 9 removes all software components after updated versions have been installed with the following command:

$ grep clean /etc/dnf/dnf.conf
clean_requirements_on_remove=True

If clean_requirements_on_remove is not set to "True", this is a finding.

Fix

Configure OL 9 to remove all software components after updated versions have been installed.

Edit the file /etc/dnf/dnf.conf by adding or editing the following line:

clean_requirements_on_remove=1
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.