General Information
- Severity: high
- Title: 'dnf clean all' missing
- Category: iacMisconfigurations
- Rule: AVD-DS-0019
- Alert hash: 30e50fdef6c71c87c764b84efabd5a19
- First seen: 2026-05-27
Description
'dnf clean all' is missed: echo "######################################################" && echo "### Import trusted certs before doing anything else ###" && echo "######################################################" && for FILE in ls /opt/certs/*.pem /opt/certs/*.crt; do cat $FILE >> /etc/pki/tls/certs/ca-bundle.crt ; done && echo "###############################################" && echo "### Install ###" && echo "### -> Basics ###" && echo "### -> GCC (some makefiles require cmd which)###" && echo "### -> dependencies for kerberos SASL_SSL ###" && echo "### -> PostgreSQL dev headers (psycopg2) ###" && echo "##############################################" && dnf install -y wget tar xz bzip2-devel zlib-devel which make gcc gcc-c++ libffi-devel cyrus-sasl-devel cyrus-sasl-gssapi openssl-devel krb5-workstation postgresql-devel && echo "#################" && echo "### librdkafka ###" && echo "#################" && mkdir -p /tmp/env-install-workdir/librdkafka && cd /tmp/env-install-workdir/librdkafka && wget --ca-certificate=/etc/pki/tls/certs/ca-bundle.crt https://github.com/confluentinc/librdkafka/archive/v2.14.0.tar.gz && tar -xf v2.14.0.tar.gz && cd /tmp/env-install-workdir/librdkafka/librdkafka-2.14.0 && ./configure && make && make install && echo "###################" && echo "### pip installs ###" && echo "###################" && pip install -r ${LAMBDA_TASK_ROOT}/requirements.txt --no-binary confluent-kafka && echo "##############" && echo "### cleanup ###" && echo "##############" && cd /root && rm -rf /tmp/env-install-workdir
Location
Dependency Details
General Information
Description
'dnf clean all' is missed: echo "######################################################" && echo "### Import trusted certs before doing anything else ###" && echo "######################################################" && for FILE in
ls /opt/certs/*.pem /opt/certs/*.crt; do cat $FILE >> /etc/pki/tls/certs/ca-bundle.crt ; done && echo "###############################################" && echo "### Install ###" && echo "### -> Basics ###" && echo "### -> GCC (some makefiles require cmd which)###" && echo "### -> dependencies for kerberos SASL_SSL ###" && echo "### -> PostgreSQL dev headers (psycopg2) ###" && echo "##############################################" && dnf install -y wget tar xz bzip2-devel zlib-devel which make gcc gcc-c++ libffi-devel cyrus-sasl-devel cyrus-sasl-gssapi openssl-devel krb5-workstation postgresql-devel && echo "#################" && echo "### librdkafka ###" && echo "#################" && mkdir -p /tmp/env-install-workdir/librdkafka && cd /tmp/env-install-workdir/librdkafka && wget --ca-certificate=/etc/pki/tls/certs/ca-bundle.crt https://github.com/confluentinc/librdkafka/archive/v2.14.0.tar.gz && tar -xf v2.14.0.tar.gz && cd /tmp/env-install-workdir/librdkafka/librdkafka-2.14.0 && ./configure && make && make install && echo "###################" && echo "### pip installs ###" && echo "###################" && pip install -r ${LAMBDA_TASK_ROOT}/requirements.txt --no-binary confluent-kafka && echo "##############" && echo "### cleanup ###" && echo "##############" && cd /root && rm -rf /tmp/env-install-workdirLocation
Dependency Details