STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system must remove all outdated software components after updated versions have been installed.

DISA Rule

SV-234863r622137_rule

Vulnerability Number

V-234863

Group Title

SRG-OS-000437-GPOS-00194

Rule Version

SLES-15-010560

Severity

CAT II

CCI(s)

• CCI-002617 - The organization removes organization-defined software components (e.g., previous versions) after updated versions have been installed.

Weight

10

Fix Recommendation

Configure the SUSE operating system to remove all outdated software components after an update by editing the following line in "/etc/zypp/zypp.conf" to match the one provided below:

solver.upgradeRemoveDroppedPackages = true

Check Contents

Verify the SUSE operating system removes all outdated software components after updated version have been installed by running the following command:

> grep -i upgraderemovedroppedpackages /etc/zypp/zypp.conf

solver.upgradeRemoveDroppedPackages = true

If "solver.upgradeRemoveDroppedPackages" is commented out, is set to "false", or is missing completely, this is a finding.

Vulnerability Number

V-234863

Documentable

False

Rule Version

SLES-15-010560

Severity Override Guidance

Verify the SUSE operating system removes all outdated software components after updated version have been installed by running the following command:

> grep -i upgraderemovedroppedpackages /etc/zypp/zypp.conf

solver.upgradeRemoveDroppedPackages = true

If "solver.upgradeRemoveDroppedPackages" is commented out, is set to "false", or is missing completely, this is a finding.

Check Content Reference

M

Target Key

5274

Comments