db2663b116
This patch adds functionality to enable autoremoval of dependencies when a package is removed. This can be dangerous, so it is disabled by default. Docs are included. Implements: blueprint security-rhel7-stig Change-Id: Ie88ffaec33249ac2ff03bf3d712533b382fac877
18 lines
454 B
ReStructuredText
18 lines
454 B
ReStructuredText
---
|
|
id: RHEL-07-020200
|
|
status: opt-in
|
|
tag: packages
|
|
---
|
|
|
|
Although the STIG requires that dependent packages are removed automatically
|
|
when a package is removed, this can cause problems with certain packages,
|
|
especially kernels. Deployers must opt in to meet the requirements of this STIG
|
|
control.
|
|
|
|
Deployers should set the following variable to enable automatic dependent
|
|
package removal:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_package_clean_on_remove: yes
|