{"description": "The system must not have the EPEL (Extra Packages for Enterprise Linux) repository enabled.\nEPEL provides additional packages that are not part of the official RHEL distribution and\nmay not meet enterprise security requirements.\n\nCheck if any repository files in <tt>/etc/yum.repos.d/</tt> contain enabled EPEL repositories\nby running:\n<pre>$ grep -r \"^\\[.*epel.*\\]\" /etc/yum.repos.d/</pre>\n\nIf EPEL repositories are found, ensure they are disabled by setting <tt>enabled=0</tt> in\nthe repository configuration file.", "rationale": "The EPEL repository is not officially supported by Red Hat and may contain packages that have\nnot been vetted for security in an enterprise environment. Using unsupported repositories can\nintroduce vulnerabilities, compatibility issues, or packages that do not meet DoD security\nrequirements. Only packages from authorized repositories should be installed to maintain\nsystem integrity and security.", "severity": "medium", "references": {"srg": ["SRG-OS-000095-GPOS-00049"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "EPEL repository is enabled", "ocil": "To verify that EPEL repository is not enabled, run the following commands:\n<pre>$ grep -r \"^\\[.*epel.*\\]\" /etc/yum.repos.d/</pre>\nFor each EPEL repository found, check if it is enabled:\n<pre>$ grep -A 5 \"^\\[.*epel.*\\]\" /etc/yum.repos.d/*.repo | grep \"enabled\"</pre>\nThe output should show <tt>enabled=0</tt> for all EPEL repositories, or no EPEL repositories\nshould be present.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure EPEL Repository is Disabled", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/updating/ensure_epel_repos_disabled/rule.yml", "template": null}