STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system must remove all outdated software components after updated versions have been installed.

DISA Rule

SV-217154r603262_rule

Vulnerability Number

V-217154

Group Title

SRG-OS-000437-GPOS-00194

Rule Version

SLES-12-010570

Severity

CAT II

CCI(s)

• CCI-002617 - The organization removes organization-defined software components (e.g., previous versions) after updated versions have been installed.

Weight

10

Fix Recommendation

Configure the SUSE operating system to remove all outdated software components after an update by editing the following line in "/etc/zypp/zypp.conf" to match the one provided below:

solver.upgradeRemoveDroppedPackages = true

Check Contents

Verify the SUSE operating system removes all outdated software components after updated version have been installed by running the following command:

# grep -i upgraderemovedroppedpackages /etc/zypp/zypp.conf

solver.upgradeRemoveDroppedPackages = true

If "solver.upgradeRemoveDroppedPackages" is commented out, is set to "false", or is missing completely, this is a finding.

Vulnerability Number

V-217154

Documentable

False

Rule Version

SLES-12-010570

Severity Override Guidance

Verify the SUSE operating system removes all outdated software components after updated version have been installed by running the following command:

# grep -i upgraderemovedroppedpackages /etc/zypp/zypp.conf

solver.upgradeRemoveDroppedPackages = true

If "solver.upgradeRemoveDroppedPackages" is commented out, is set to "false", or is missing completely, this is a finding.

Check Content Reference

M

Target Key

4033

Comments