STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to SUSE Linux Enterprise Server 12 Security Technical Implementation Guide

V-217154

CAT II (Medium)

The SUSE operating system must remove all outdated software components after updated versions have been installed.

Rule ID

SV-217154r958936_rule

STIG

SUSE Linux Enterprise Server 12 Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-002617

Discussion

Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.

Check Content

Verify the SUSE operating system removes all outdated software components after updated version have been installed by running the following command:

# grep -i upgraderemovedroppedpackages /etc/zypp/zypp.conf 

solver.upgradeRemoveDroppedPackages = true

If "solver.upgradeRemoveDroppedPackages" is commented out, is set to "false", or is missing completely, this is a finding.

Fix Text

Configure the SUSE operating system to remove all outdated software components after an update by editing the following line in "/etc/zypp/zypp.conf" to match the one provided below:

solver.upgradeRemoveDroppedPackages = true