STIG ID: RHEL-09-214035 | SRG: SRG-OS-000437-GPOS-00194 | Severity: low | CCI: | Vulnerability Id: V-257824
Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by some adversaries.
Configure RHEL 9 to remove all software components after updated versions have been installed.
Edit the file /etc/dnf/dnf.conf by adding or editing the following line:
clean_requirements_on_remove=1
Verify RHEL 9 removes all software components after updated versions have been installed with the following command:
$ grep clean /etc/dnf/dnf.conf
clean_requirements_on_remove=1
If "clean_requirements_on_remove" is not set to "1", this is a finding.