← Rules Catalog
criticalsystemverified

Ensure RHEL is a vendor-supported release

rhel-vendor-supported · RHEL ≥ 8 · 1 impl

Description

The operating system must be a vendor-supported release. Red Hat must continue to provide security patches and support for the installed version of RHEL.

Rationale

An operating system that is no longer supported by the vendor will not receive security updates. Running unsupported software exposes the system to unpatched vulnerabilities.

Check → Remediate

Checkcommand
if [ ! -f /etc/redhat-release ]; then
  echo "FAIL: /etc/redhat-release not found"
  exit 1
fi
release=$(cat /etc/redhat-release)
ver=$(echo "$release" | grep -oE '[0-9]+\.[0-9]+' | head -1)
major=$(echo "$ver" | cut -d. -f1)
if [ -z "$major" ]; then
  echo "FAIL: cannot parse version from $release"
  exit 1
fi
if [ "$major" -ge 8 ]; then
  echo "OK: $release"
  exit 0
fi
echo "FAIL: $release (unsupported)"
exit 1
expected_exit:
0
Remediatemanual
note:
Upgrade to a vendor-supported RHEL release. Check support dates at https://access.redhat.com/support/policy/updates/errata

Framework references

STIG

V-282965 / RHEL-10-001000V-257777 / RHEL-09-211010V-230221

NIST 800-53

SI-2SA-22

Live verification

rhel8:check
#vendor-support#patching#lifecycle