Check: GEN008820
VMware ESX 3 Server:
GEN008820
(in version v1 r2)
Title
The system package management tool must not automatically obtain updates. (Cat III impact)
Discussion
System package management tools can obtain a list of updates and patches from a package repository and make this information available to the SA for review and action. Using a package repository outside of the organization's control, presents a risk that malicious packages could be introduced.
Check Content
Determine if the system package management tool is configured to automatically obtain updated packages. If it is, this is a finding.
Fix Text
Configure the system package management tool not to automatically obtain updates.
Additional Identifiers
Rule ID: SV-26264r1_rule
Vulnerability ID: V-22589
Group Title: GEN008820
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001233 |
The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation. |
Controls
Number | Title |
---|---|
SI-2 (2) |
Automated Flaw Remediation Status |