Lynis Security Controls
PKGS-7346 - Unpurged packages
While not directly a security concern, unpurged packages are not installed but still have remains left on the system (e.g. configuration files). In case software is reinstalled, an old configuration might be applied. Proper cleanups are therefore advised.
How to solve
Packages which are removed, but still have some files left on the systems, are called unpurged packages. For example, a changed configuration file might not be deleted by the package manager, to ensure you don't loose your customizations. However if you intended to remove a package fully, an additional step is needed to clean those files. This is "purging" and can be done with the dpkg command.
Perform daily health checks of your environment, learn in-depth system hardening, and protect your systems better.Upgrade to Lynis Enterprise
Linux and Unix System Hardening
This information is provided as part of the Lynis community project. It is related to Lynis control PKGS-7346. All information should be considered as-is, without guarantees. Any advice or snippets should be tested before implementing in production environments.
Lynis is a technical security audit tool for Unix flavors like Linux, macOS, AIX, Solaris, and *BSD. It is open source software and free to use. The project has an active community, including open development via GitHub.
Need more advanced features, like vulnerability scanning, or reporting installed software packages? Lynis Enterprise will collect more data and present it with an easy to use web interface.
Gain additional benefits: automating security audits, reporting, and the implementation of related security measures.
- Centralized management
- Prioritized plans
- Integration (API)
- Improvement snippets for tools like Ansible, Chef, Cfengine, Puppet, and SaltStack