Rule ID
SV-282624r1200852_rule
Version
V1R1
CCIs
Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.
Verify TOSS 5 security patches and updates are installed and up to date. Updates are required in a frequency determined by organizational policy.
Check the TOSS release notes sent via email for security updates. It is important to note that updates provided by Red Hat/TOSS may not be present on the system if the underlying packages are not installed.
Check that the available package security updates have been installed on the system using the following command:
$ dnf history list | more
ID | Command line | Date and time | Action(s) | Altered
-------------------------------------------------------------------------------
70 | install aide | 2023-03-05 10:58 | Install | 1
69 | update -y | 2023-03-04 14:34 | Update | 18 EE
68 | install vlc | 2023-02-21 17:12 | Install | 21
67 | update -y | 2023-02-21 17:04 | Update | 7 EE
Typical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.
If the system is not compliant with the organizational patching policy, this is a finding.Install TOSS 5 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, install all updates using the following command: $ sudo dnf update