STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021

The Ubuntu operating system must be configured so that Advanced Package Tool (APT) removes all software components after updated versions have been installed.

DISA Rule

SV-238370r654285_rule

Vulnerability Number

V-238370

Group Title

SRG-OS-000437-GPOS-00194

Rule Version

UBTU-20-010449

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure APT to remove all software components after updated versions have been installed.

Add or update the following options in the "/etc/apt/apt.conf.d/50unattended-upgrades" file:

Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

Check Contents

Verify APT is configured to remove all software components after updated versions have been installed with the following command:

$ grep -i remove-unused /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

If the "::Remove-Unused-Dependencies" and "::Remove-Unused-Kernel-Packages" parameters are not set to "true" or are missing or commented out, this is a finding.
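
A scripted version of the check above, as an added example (not part of the STIG or STIGQter content): plain "grep -i remove-unused" also prints commented-out lines, so this function accepts only active assignments whose value is "true". The function name check_apt_autoremove and the sample file are constructed for illustration, and only the one-line option syntax shown in the check is handled.

```shell
#!/bin/sh
# Added example. Returns 0 when both options are active and set to "true",
# 1 when the rule would be a finding. Name and sample data are hypothetical.
check_apt_autoremove() {
    conf="${1:-/etc/apt/apt.conf.d/50unattended-upgrades}"
    if [ ! -r "$conf" ]; then
        echo "FINDING: $conf is missing or unreadable"
        return 1
    fi
    rc=0
    for opt in Remove-Unused-Dependencies Remove-Unused-Kernel-Packages; do
        # Anchoring at line start (after optional whitespace) skips lines
        # commented out with // or #. The last active assignment is used.
        val=$(grep -Ei "^[[:space:]]*Unattended-Upgrade::${opt}[[:space:]]+\"[^\"]*\"[[:space:]]*;" "$conf" \
              | tail -n 1 \
              | sed -E 's/^[^"]*"([^"]*)".*/\1/' || true)
        if [ "$val" = "true" ]; then
            echo "OK: $opt is \"true\""
        elif [ -z "$val" ]; then
            echo "FINDING: $opt is missing or commented out"
            rc=1
        else
            echo "FINDING: $opt is \"$val\", expected \"true\""
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the first option is commented out, the second is active.
# "grep -i remove-unused" would print both lines; the function flags the first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
//Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
EOF
check_apt_autoremove "$sample" || echo "Result for constructed sample: finding"
rm -f "$sample"
```

Block-style APT syntax and /* */ comments are outside what this function parses; review such files manually.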

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5318
