STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Redis Enterprise 6.x Security Technical Implementation Guide

V-251252

CAT III (Low)

When updates are applied to Redis Enterprise DBMS software, any software components that have been replaced or made unnecessary must be removed.

Rule ID

SV-251252r961677_rule

STIG

Redis Enterprise 6.x Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-002617

Discussion

Previous versions of DBMS components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some DBMSs' installation tools may remove older versions of software automatically from the information system. In other cases, manual review and removal will be required. In planning installations and upgrades, organizations must include steps (automated, manual, or both) to identify and remove the outdated modules. A transition period may be necessary when both the old and the new software are required. This should be considered in the planning.

Check Content

When the Redis software is upgraded to a new version, the old version install file remains on the server. The users must remove this manually. To verify if the old install files have been deleted, check the locations below:
/opt/redislabs - Main Installation directory for all Redis Enterprise Software binaries
/opt/redislabs/config - System configuration files
/opt/redislabs/lib - System library files
/var/opt/redislabs - Default storage location for the cluster data, system logs, backups and ephemeral, persisted data
/tmp - Temporary files

The GREP command can be used to search for old Redis files in the above locations. 

If software components that have been replaced or made unnecessary are not removed, this is a finding.

Fix Text

When a new update is available and installed, all old install files must be removed from the locations below:
/opt/redislabs - Main Installation directory for all Redis Enterprise Software binaries
/opt/redislabs/config - System configuration files
/opt/redislabs/lib - System library files
/var/opt/redislabs - Default storage location for the cluster data, system logs, backups and ephemeral, persisted data
/tmp - Temporary files

The GREP command can be used to search for old Redis files in the above locations.

If software from a previous/outdated version of Redis Enterprise remains in any of the following locations/directories, run the following to remove it: 
rm -r <file_name>