Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system package management tool must not automatically obtain updates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22589 | GEN008820 | SV-26992r1_rule | ECSC-1 | Low |
| Description |
|---|
| System package management tools can obtain a list of updates and patches from a package repository and make this information available to the SA for review and action. Using a package repository outside of the organization's control presents a risk of malicious packages being introduced. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2014-01-09 |
Details
| Check Text ( C-27935r1_chk ) |
|---|
| Verify the YUM service is enabled. # service yum-updatesd status If the service is enabled, this is a finding. |
| Fix Text (F-24258r1_fix) |
|---|
| Disable the yum service. # chkconfig yum-updatesd off ; service yum-updatesd stop |