An error occurred:

Check: GEN008820

SUSE Linux Enterprise Server v11 for System z STIG: GEN008820 (in versions v1 r12 through v1 r9)

Title

The system package management tool must not automatically obtain updates. (Cat III impact)

Discussion

System package management tools can obtain a list of updates and patches from a package repository and make this information available to the SA for review and action. Using a package repository outside of the organization's control presents a risk of malicious packages being introduced.

Check Content

Check for the existence of a cron job called opensuse.org-online_update # find /etc/cron* -name opensuse* If a symlink or executable script is found, this is a finding.

Fix Text

Disable the Automatic Online Update option using YaST. # /sbin/yast2 online_update_configuration Uncheck the “Automatic Online Update” selection. Select “Finish” to exit If /etc/<cron directory>/opensuse.org-online_update still exists, remove it manually rm /etc/<cron directory>/opensuse.org-online_update

Additional Identifiers

Rule ID: SV-46084r1_rule

Vulnerability ID: V-22589

Group Title: GEN008820

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001233

The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-2 (2)

Automated Flaw Remediation Status