e57593dfd4
With the upcoming changes to rebase onto the RHEL 7 STIG controls, there needs to be a new solution for documentation that is easier to manage and filter. This patch automates the generation of the STIG control documentation in the following way: * A Sphinx extension runs early in the doc build process that writes all of the individual STIG control docs as well as ToC pages. * ToC pages are now sorted by severity, tag, and implementation status. * A giant listing of controls is easier to navigate now. * Docs are generated from metadata in the /doc/metadata directory. New documentation only needs to be added there. (Will explain this in the developer notes in a subsequent patch.) Implements: blueprint security-rhel7-stig Change-Id: I455af1121049f52193e98e2c9cb1ba5d4c292386
1.1 KiB
---id: V-38481 status: opt-in tag: misc ---
Opt-in required
Operating system patching policies vary from organization to organization and are typically established based on business requirements and risk tolerance.
Note
Automatically upgrading packages can provide significant security benefits, but they can reduce availability and reliability. Updating packages can cause daemons to restart on some systems and they can cause local customizations of configuration files to be lost.
Deployers are strongly urged to understand the nature of this change and the associated risks prior to enabling automatic upgrades.
Deployers can enable automatic updates by setting
security_unattended_upgrades to True:
security_unattended_upgrades: trueIn Ubuntu, the unattended-upgrades package is installed
and enabled. This will apply updates that are made available to the
trusty-security (Ubuntu 14.04) or xenial-security (Ubuntu 16.04)
repositories.
In CentOS, the yum-cron package is installed and
configured to automatically apply updates.