RHEL 10 must have the "gnutls-utils" package installed.

STIG ID: RHEL-10-200740  |  SRG: SRG-OS-000095-GPOS-00049 |  Severity: medium (CAT II)  |  CCI: CCI-000381 |  Vulnerability Id: V-281006

Vulnerability Discussion

"GnuTLS" is a secure communications library implementing the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram TLS (DTLS) protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. This package contains command line TLS client and server and certificate manipulation tools.

Check

Verify RHEL 10 has the "gnutls-utils" package installed with the following command:

$ sudo dnf list --installed gnutls-utils
Installed Packages
gnutls-utils.x86_64 3.8.9-9.el10_0.14 @rhel-10-for-x86_64-appstream-rpms

If the "gnutls-utils" package is not installed, this is a finding.

Fix

Configure RHEL 10 to have the "gnutls-utils" package installed with the following command:

$ sudo dnf -y install gnutls-utils
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.