criticalsystemverified ✓
Ensure RHEL is a vendor-supported release
rhel-vendor-supported · RHEL ≥ 8 · 1 impl
Description
The operating system must be a vendor-supported release. Red Hat must continue to provide security patches and support for the installed version of RHEL.
Rationale
An operating system that is no longer supported by the vendor will not receive security updates. Running unsupported software exposes the system to unpatched vulnerabilities.
Check → Remediate
Checkcommand
if [ ! -f /etc/redhat-release ]; then echo "FAIL: /etc/redhat-release not found" exit 1 fi release=$(cat /etc/redhat-release) ver=$(echo "$release" | grep -oE '[0-9]+\.[0-9]+' | head -1) major=$(echo "$ver" | cut -d. -f1) if [ -z "$major" ]; then echo "FAIL: cannot parse version from $release" exit 1 fi if [ "$major" -ge 8 ]; then echo "OK: $release" exit 0 fi echo "FAIL: $release (unsupported)" exit 1
- expected_exit:
- 0
Remediatemanual
- note:
- Upgrade to a vendor-supported RHEL release. Check support dates at https://access.redhat.com/support/policy/updates/errata
Framework references
STIG
V-282965 / RHEL-10-001000V-257777 / RHEL-09-211010V-230221
NIST 800-53
SI-2SA-22
Live verification
rhel8:check
#vendor-support#patching#lifecycle