
V-274185

CAT II (Medium)

Amazon Linux 2023 must remove all software components after updated versions have been installed.

Rule ID

SV-274185r1120543_rule

STIG

Amazon Linux 2023 Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-002617

Discussion

Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by some adversaries.

Check Content

Verify Amazon Linux 2023 removes all software components after updated versions have been installed with the following command:

$ grep clean /etc/dnf/dnf.conf 
clean_requirements_on_remove=1 

If "clean_requirements_on_remove" is not set to "1", "True", or "yes", this is a finding.
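A stricter form of the check above, as an added example that is not part of the STIG text: `grep clean` also matches commented-out lines, so this parses the file instead. The function name `check_clean_requirements` is hypothetical. The assumptions are that the option must appear in the `[main]` section, that the three accepted values are compared case-insensitively, and that any conflicting assignment counts as a finding.

```shell
#!/bin/sh
# Added example (not from the STIG): parse dnf.conf rather than grep it.
# check_clean_requirements [FILE] returns 0 if compliant, non-zero for a finding.
check_clean_requirements() {
    conf="${1:-/etc/dnf/dnf.conf}"
    # An unreadable or missing file cannot show the setting: treat as a finding.
    [ -r "$conf" ] || return 1
    awk '
        # Commented-out lines never count, even if they contain the option.
        /^[ \t]*#/ { next }
        # Track the current INI section name, e.g. "[main]" -> "main".
        /^[ \t]*\[/ {
            s = $0
            sub(/^[ \t]*\[/, "", s)
            sub(/\].*$/, "", s)
            section = s
            next
        }
        # Assumption: only assignments inside [main] are considered.
        section == "main" {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != "clean_requirements_on_remove") next
            # Accepted values are the ones the check text names: 1, True, yes.
            if (v == "1" || v == "true" || v == "yes") ok++; else bad++
        }
        # Conservative choice: at least one good assignment and no bad one.
        END { exit !(ok > 0 && bad == 0) }
    ' "$conf"
}

# Run against the live file only when asked, so the function can be sourced.
if [ "${1:-}" = "--run" ]; then
    if check_clean_requirements "${2:-/etc/dnf/dnf.conf}"; then
        echo "V-274185: not a finding"
    else
        echo "V-274185: finding"
    fi
fi
```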

Fix Text

Configure Amazon Linux 2023 to remove all software components after updated versions have been installed.

Set the "clean_requirements_on_remove" option to "1" in the "/etc/dnf/dnf.conf" file:

clean_requirements_on_remove=1