← Back to Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide

V-256911

CAT II (Medium)

Automation Controller must install security-relevant software updates within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).

Rule ID

SV-256911r902303_rule

STIG

Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002605

Discussion

Security relevant software updates must be installed within the timeframes directed by an authoritative source in order to maintain the integrity and confidentiality of the system and its organizational assets.

Check Content

As a system administrator for each Automation Controller host inspect the status of the DNF Automatic timer:

systemctl status dnf-automatic.timer

If "Active: active" is not included in the output, this is a finding.

Inspect the configuration of DNF Automatic:

 grep apply_updates /etc/dnf/automatic.conf

If "apply_updates = yes" is not displayed, this is a finding.

Fix Text

Install and enable DNF Automatic:

dnf install dnf-automatic
(run the install)
systemctl enable --now dnf-automatic.timer

Modify /etc/dnf/automatic.conf and set "apply_updates = yes".