RHEL 10 must not have the unbound package installed.

STIG ID: RHEL-10-200060  |  SRG: SRG-OS-000095-GPOS-00049  |  Severity: medium (CAT II)  |  CCI: CCI-000381  |  Vulnerability Id: V-280948

Vulnerability Discussion

If the system is not a Domain Name System (DNS) server, it should not have a DNS server package installed; removing the package decreases the attack surface of the system.

Check

Verify RHEL 10 does not have a DNS package installed with the following command:

$ sudo dnf list --installed unbound
Error: No matching Packages to list

If the "unbound" package is installed, and the information system security officer lacks a documented requirement for a DNS, this is a finding.
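The check above can be scripted for repeated audits. The following is an added example, not part of the STIG text: it queries with rpm -q instead of the dnf command shown above because its exit status and message are simpler to interpret, and the WAIVER_FILE path is a hypothetical place to record the ISSO's documented requirement.

```shell
#!/bin/sh
# Added example: scripted form of the RHEL-10-200060 check (not STIG text).
# ASSUMPTION: WAIVER_FILE is a hypothetical location where the ISSO's
# documented DNS requirement is recorded; the STIG does not define one.
WAIVER_FILE="${WAIVER_FILE:-/etc/stig-waivers/RHEL-10-200060}"

# Prints NOT_A_FINDING, DOCUMENTED_EXCEPTION, FINDING or ERROR.
# Returns 0 when compliant, 1 for a finding, 2 when the query itself failed.
check_unbound() (
    # LC_ALL=C keeps rpm's "is not installed" message untranslated.
    if out=$(LC_ALL=C rpm -q unbound 2>&1); then
        # Exit 0: rpm printed the installed package's name-version-release.
        if [ -s "$WAIVER_FILE" ]; then
            echo "DOCUMENTED_EXCEPTION"
            return 0
        fi
        echo "FINDING"
        return 1
    fi
    case "$out" in
        *"is not installed"*)
            echo "NOT_A_FINDING"
            return 0 ;;
        *)
            # rpm missing, damaged rpmdb, etc.: do not report a false pass.
            echo "ERROR"
            return 2 ;;
    esac
)

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_unbound
fi
```

An ERROR result means the package query could not be trusted and the host should be checked manually.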

Fix

Configure RHEL 10 to not have the unbound package installed with the following command:

$ sudo dnf -y remove unbound