Automation Controller must install security-relevant software updates within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-256911 | APAS-AT-000122 | SV-256911r961683_rule | Medium |
| Description |
| Security relevant software updates must be installed within the timeframes directed by an authoritative source in order to maintain the integrity and confidentiality of the system and its organizational assets. |
| STIG | Date |
| Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide | 2024-06-10 |
Details
| Check Text (C-60586r902301_chk) |
| As a system administrator for each Automation Controller host inspect the status of the DNF Automatic timer: systemctl status dnf-automatic.timer If "Active: active" is not included in the output, this is a finding. Inspect the configuration of DNF Automatic: grep apply_updates /etc/dnf/automatic.conf If "apply_updates = yes" is not displayed, this is a finding. |
| Fix Text (F-60528r902302_fix) |
| Install and enable DNF Automatic: dnf install dnf-automatic (run the install) systemctl enable --now dnf-automatic.timer Modify /etc/dnf/automatic.conf and set "apply_updates = yes". |