RHEL 10 must remove all software components after updated versions have been installed.

STIG ID: RHEL-10-200000  |  SRG: SRG-OS-000437-GPOS-00194 |  Severity: medium (CAT II)  |  CCI: CCI-002617 |  Vulnerability Id: V-280942

Vulnerability Discussion

Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by some adversaries.

Check

Verify RHEL 10 removes all software components after updated versions have been installed with the following command:

$ sudo grep -i clean_requirements_on_remove /etc/dnf/dnf.conf
clean_requirements_on_remove=True

If "clean_requirements_on_remove" is not set to "True", this is a finding.

Fix

Configure RHEL 10 to remove all software components after updated versions have been installed.

Edit the file "/etc/dnf/dnf.conf" by adding or editing the following line:

clean_requirements_on_remove=True
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.