Ensure Software Patches Installed
An XCCDF Rule
Description
If the system is joined to the Red Hat Network, a Red Hat Satellite Server, or a yum server, run the following command to install updates:
$ sudo yum updateIf the system is not configured to use one of these sources, updates (in the form of RPM packages) can be manually downloaded from the Red Hat Network and installed using
rpm
.
NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy dictates.
warning alert: Warning
The OVAL feed of Red Hat Enterprise Linux 7 is not a XML file, which may not be understood by all scanners.
Rationale
Installing software updates is a fundamental mitigation against the exploitation of publicly-known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.
- ID
- xccdf_org.ssgproject.content_rule_security_patches_up_to_date
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Security patches are up to date
package:
name: '*'
state: latest
tags:
- CJIS-5.10.4.1
Remediation - Shell Script
yum -y update