Check: RHEL-08-010000
RHEL 8 STIG:
RHEL-08-010000
(in versions v1 r14 through v1 r8)
Title
RHEL 8 must be a vendor-supported release. (Cat I impact)
Discussion
An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software. Red Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period. The RHEL 8 minor releases eligible for EUS are 8.1, 8.2, 8.4, 8.6, and 8.8. Each RHEL 8 EUS stream is available for 24 months from the availability of the minor release. RHEL 8.10 will be the final minor release overall. For more details on the Red Hat Enterprise Linux Life Cycle visit https://access.redhat.com/support/policy/updates/errata/. Note: The life-cycle time spans and dates are subject to adjustment.
Check Content
Verify the version of the operating system is vendor supported. Note: The lifecycle time spans and dates are subject to adjustment. Check the version of the operating system with the following command: $ sudo cat /etc/redhat-release Red Hat Enterprise Linux Server release 8.6 (Ootpa) Current End of Extended Update Support for RHEL 8.1 is 30 November 2021. Current End of Extended Update Support for RHEL 8.2 is 30 April 2022. Current End of Extended Update Support for RHEL 8.4 is 31 May 2023. Current End of Maintenance Support for RHEL 8.5 is 31 May 2022. Current End of Extended Update Support for RHEL 8.6 is 31 May 2024. Current End of Maintenance Support for RHEL 8.7 is 31 May 2023. Current End of Extended Update Support for RHEL 8.8 is 31 May 2025. Current End of Maintenance Support for RHEL 8.9 is 31 May 2024. Current End of Maintenance Support for RHEL 8.10 is 31 May 2029. If the release is not supported by the vendor, this is a finding.
Fix Text
Upgrade to a supported version of RHEL 8.
Additional Identifiers
Rule ID: SV-230221r858734_rule
Vulnerability ID: V-230221
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |