Automation Controller must install security-relevant software updates within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256911 | SRG-APP-000456-AS-000266 | APAS-AT-000122 | SV-256911r961683_rule | 2024-06-10 | 2 |
| Description |
|---|
| Security relevant software updates must be installed within the timeframes directed by an authoritative source in order to maintain the integrity and confidentiality of the system and its organizational assets. |
| ℹ️ Check |
|---|
| As a system administrator for each Automation Controller host inspect the status of the DNF Automatic timer: systemctl status dnf-automatic.timer If "Active: active" is not included in the output, this is a finding. Inspect the configuration of DNF Automatic: grep apply_updates /etc/dnf/automatic.conf If "apply_updates = yes" is not displayed, this is a finding. |
| ✔️ Fix |
|---|
| Install and enable DNF Automatic: dnf install dnf-automatic (run the install) systemctl enable --now dnf-automatic.timer Modify /etc/dnf/automatic.conf and set "apply_updates = yes". |