Ensure apt_get Removes Previous Package Versions
An XCCDF Rule
Description
apt_get should be configured to remove previous software components after new versions have been installed. To configure apt_get to remove the previous software components after updating, set the ::Remove-Unused-Dependencies and ::Remove-Unused-Kernel-Packages to true in /etc/apt/apt.conf.
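The following audit sketch is an added example, not the rule's remediation script or ComplianceAsCode project code: it checks the two settings named above across a list of apt configuration files, treating the last assignment as the effective one. The function names, the sample file names and the `Unattended-Upgrade` prefix in the constructed sample are assumptions; the page shows only the `::Remove-Unused-...` suffixes.

```shell
#!/bin/sh
# Added example: audit apt configuration for the two settings this rule names.

# setting_is_true SUFFIX FILE...
# Succeeds when the last "Name::SUFFIX value;" line across FILEs sets the value
# to true. Pass files in the order apt reads them, so that a later file
# overriding an earlier "true" is reported as a failure.
# The pattern is anchored at line start, so "//" and "#" comment lines are skipped.
# Limitation: the nested "Scope { Option value; };" syntax is not parsed.
setting_is_true() {
    suffix=$1; shift
    [ "$#" -gt 0 ] || return 1
    last=$(cat -- "$@" 2>/dev/null |
        sed -nE "s/^[[:space:]]*[A-Za-z-]*${suffix}[[:space:]]+\"?([^\";[:space:]]*)\"?[[:space:]]*;.*/\1/p" |
        tail -n 1)
    [ "$last" = "true" ]
}

# check_apt_cleanup FILE...: prints PASS/FAIL per setting, returns 1 on any FAIL.
check_apt_cleanup() {
    rc=0
    for s in '::Remove-Unused-Dependencies' '::Remove-Unused-Kernel-Packages'; do
        if setting_is_true "$s" "$@"; then echo "PASS $s"; else echo "FAIL $s"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample input (option prefix and file names are assumptions).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/50sample" <<'EOF'
// Unattended-Upgrade::Remove-Unused-Dependencies "false";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
EOF
cat > "$demo_dir/99override" <<'EOF'
Unattended-Upgrade::Remove-Unused-Kernel-Packages "false";
EOF

check_apt_cleanup "$demo_dir/50sample" || true
check_apt_cleanup "$demo_dir/50sample" "$demo_dir/99override" || true
```

On a real system the arguments would be the files under /etc/apt/apt.conf.d/ followed by /etc/apt/apt.conf.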
Rationale
Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by some adversaries.
- ID: xccdf_org.ssgproject.content_rule_clean_components_post_updating
- Severity: Low
- References
- Updated
Remediation - Shell Script
flag1=1
flag2=1
for file in /etc/apt/apt.conf.d/*; do
    if [ -e "$file" ]; then