Red Hat Enterprise Linux 9 • Release: 7 Benchmark Date: 05 Jan 2026

CAT II V-257830 RHEL-09-215035

RHEL 9 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository.

Documentable No
Rule ID SV-257830r1134906_rule
CCI References
CCI-000381

Discussion

The EPEL is a repository of high-quality open-source packages for enterprise-class Linux distributions such as RHEL, CentOS, AlmaLinux, Rocky Linux, and Oracle Linux. These packages are not part of the official distribution but are built using the same Fedora build system to ensure compatibility and maintain quality standards.

Check Procedure

Verify that RHEL 9 is not able to install packages from the EPEL with the following command:

$ dnf repolist
rhel-9-for-x86_64-appstream-rpms                Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)
rhel-9-for-x86_64-baseos-rpms                   Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)

If any repositories containing the word "epel" in the name exist, this is a finding.

Fix Action

The repo package can be manually removed with the following command:

$ sudo dnf remove epel-release

Configure the operating system to disable use of the EPEL repository with the following command:

$ sudo dnf config-manager --set-disabled epel