{"description": "To ensure that the packages comprising the available updates will be automatically installed by <tt>dnf-automatic</tt>, set <tt>apply_updates</tt> to <tt>yes</tt> under the <tt>[commands]</tt> section in <tt>/etc/dnf/automatic.conf</tt>.", "rationale": "Installing software updates is a fundamental mitigation against\nthe exploitation of publicly-known vulnerabilities. If the most\nrecent security patches and updates are not installed, unauthorized\nusers may take advantage of weaknesses in the unpatched software. The\nlack of prompt attention to patching could result in a system compromise.\nThe automated installation of updates ensures that recent security patches\nare applied in a timely manner.", "severity": "medium", "references": {"nist": ["SI-2(5)", "CM-6(a)", "SI-2(c)"], "ospp": ["FMT_SMF_EXT.1"], "srg": ["SRG-OS-000805-GPOS-00260"], "anssi": ["R61"], "ism": ["1467", "1483", "1493"]}, "control_references": {"anssi": ["R61"], "ism": ["1467", "1483", "1493"]}, "components": [], "identifiers": {}, "ocil_clause": "apply_updates is not set to yes", "ocil": "To verify that packages comprising the available updates will be automatically installed by dnf-automatic, run the following command:\n<pre>$ sudo grep apply_updates /etc/dnf/automatic.conf</pre>\nThe output should return the following:\n<pre>apply_updates = yes</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must configure dnf-automatic to Install Available Updates Automatically.", "vuldiscussion": "Using automated tools to support patch management helps to ensure the timeliness and\ncompleteness of system patching operations.", "checktext": "To verify that packages comprising the available updates will be automatically installed by dnf-automatic, run the following command:\n\n$ sudo grep apply_updates /etc/dnf/automatic.conf\n\nThe output should return the following:\n\napply_updates = yes\n\nIf the apply_updates line is missing, commented out, or not set to \"yes\", this is a finding.", "fixtext": "Configure Ubuntu 22.04 to automatically apply updates.\n\nEdit the file \"/etc/dnf/automatic.conf\" and add the following:\n\napply_updates = yes"}}, "platform": "not bootc and not container", "platforms": ["not bootc and not container"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["not_container_and_not_bootc"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Configure dnf-automatic to Install Available Updates Automatically", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml", "template": null}