Unused dependency files are not set to be removed automatically
Description
During an upgrade, update or uninstallation of software, old package dependency files may not be removed. Previous versions of software components that remain on the system after updates have been installed may be exploited by adversaries. Fixing this misconfiguration sets "Unattended-Upgrade::Remove-Unused-Dependencies" to true in the APT configuration file, so that unused dependency files from older versions of software are removed automatically.
Severity
critical
Category
Linux - APT Hardening
Resolution
Follow the steps below to resolve the misconfiguration.
Set the following parameter in a file under /etc/apt/apt.conf.d/:
Unattended-Upgrade::Remove-Unused-Dependencies "true";
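To verify the setting after remediation, the following added example (not part of the original page or of Vulnerability Manager Plus) reads the fragments of an APT configuration directory in order and reports the last uncommented value of the option. It assumes the standard directory /etc/apt/apt.conf.d and the flat one-line form of the option; the function names and the sample file name 99-hardening are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Handles the flat 'Key "value";' form only.
KEY='Unattended-Upgrade::Remove-Unused-Dependencies'

# Print the effective value in an APT fragment directory, or "unset".
# The body runs in a subshell so LC_ALL=C (stable sort order) stays local.
effective_remove_unused() (
    dir=${1:-/etc/apt/apt.conf.d}   # assumed default directory
    LC_ALL=C; export LC_ALL
    value=unset
    # Fragments are read in lexical order; a later assignment wins.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Strip // comments first: default files often ship this option
        # commented out, which a plain grep would report as configured.
        v=$(sed -e 's,//.*$,,' "$f" |
            sed -n "s/^[[:space:]]*$KEY[[:space:]][[:space:]]*\"\\([^\"]*\\)\"[[:space:]]*;.*/\\1/p" |
            tail -n 1)
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "$value"
)

# Compliant only when the effective value is exactly "true", as the page requires.
is_compliant() {
    [ "$(effective_remove_unused "$1")" = "true" ]
}

# Constructed sample directory: the option is commented out in one fragment
# and enabled in a later one (99-hardening is a hypothetical file name).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "//$KEY \"false\";" > "$d/50unattended-upgrades"
    printf '%s\n' "$KEY \"true\";" > "$d/99-hardening"
    printf '%s\n' "$d"
}

# Audit the directory given as $1, or the default one.
effective_remove_unused "${1:-/etc/apt/apt.conf.d}"
```

On a live host, `apt-config dump` shows the value APT itself resolved, including options written in block form.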
Potential issues that may arise after applying the resolution
Altering the existing security setting may create the following impact in your network operations.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.