Red Hat Enterprise Linux 9 • Release: 7 Benchmark Date: 05 Jan 2026

CAT III V-257824 RHEL-09-214035

RHEL 9 must remove all software components after updated versions have been installed.

Documentable No
Rule ID SV-257824r1044886_rule
CCI References
CCI-002617

Discussion

Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by some adversaries.

Check Procedure

Verify RHEL 9 removes all software components after updated versions have been installed with the following command:

$ grep -i clean_requirements_on_remove /etc/dnf/dnf.conf

clean_requirements_on_remove=True

If "clean_requirements_on_remove" is not set to "True", this is a finding.

Fix Action

Configure RHEL 9 to remove all software components after updated versions have been installed.

Edit the file /etc/dnf/dnf.conf by adding or editing the following line:

 clean_requirements_on_remove=True