Skip to content

Ensure Software Patches Installed

An XCCDF Rule

Description

If the system has an apt repository available, run the following command to install updates:

$ apt update && apt full-upgrade


NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy dictates.

Rationale

Installing software updates is a fundamental mitigation against the exploitation of publicly-known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.

ID
xccdf_org.ssgproject.content_rule_security_patches_up_to_date
Severity
Medium
References
Updated



Remediation - Ansible

- name: Security patches are up to date
  package:
    name: '*'
    state: latest
  tags:
  - CJIS-5.10.4.1