RHEL 9 must have the gnutls-utils package installed.

STIG ID: RHEL-09-215080  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-257839 | 

Vulnerability Discussion

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. This package contains command line TLS client and server and certificate manipulation tools.

Check

Verify that RHEL 9 has the gnutls-utils package installed with the following command:

$ dnf list --installed gnutls-utils

Example output:

gnutls-utils.x86_64 3.7.3-9.el9

If the "gnutls-utils" package is not installed, this is a finding.

Fix

The gnutls-utils package can be installed with the following command:

$ sudo dnf install gnutls-utils