Information
The gpgcheck option, found in the [main] section of /etc/yum.conf and in the individual /etc/yum.repos.d/* files, determines whether an RPM package's signature is checked prior to its installation.
An RPM package's signature must always be checked prior to installation to ensure that the software is obtained from a trusted source.
Solution
Edit /etc/yum.conf and set 'gpgcheck=1' in the [main] section.
Example: vim /etc/yum.conf
Edit any failing files in /etc/yum.repos.d/* and set all instances of gpgcheck to '1'.
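To find the failing files before editing them, the check can be scripted. The following is an added example, not part of the benchmark text: the function names are hypothetical, and it treats any gpgcheck value other than the literal 1 as a failure, matching the remediation above.

```sh
#!/bin/sh
# Added example: audit gpgcheck in yum.conf and the repo files.
# Usage after sourcing this file: audit_yum_gpgcheck [yum.conf] [repo dir]

# Print every active gpgcheck assignment in file $1 whose value is not
# exactly 1 (commented-out lines are ignored). Status 1 if any is found.
bad_gpgcheck_lines() {
    awk '
        /^[ \t]*gpgcheck[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)   # drop "gpgcheck ="
            sub(/[ \t]*$/, "", val)         # drop trailing blanks
            if (val != "1") {
                printf "%s:%d: %s\n", FILENAME, FNR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Status 0 only if the [main] section of file $1 contains gpgcheck=1.
# A gpgcheck=1 that sits under another section header does not count.
main_has_gpgcheck() {
    awk '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/) }
        in_main && /^[ \t]*gpgcheck[ \t]*=[ \t]*1[ \t]*$/ { ok = 1 }
        END { exit !ok }
    ' "$1"
}

# Audit the main config plus every file in the repo directory.
# Prints one line per finding; status 0 means compliant.
audit_yum_gpgcheck() {
    conf=${1:-/etc/yum.conf}; repodir=${2:-/etc/yum.repos.d}; rc=0
    if [ ! -f "$conf" ] || ! main_has_gpgcheck "$conf"; then
        echo "$conf: [main] section does not set gpgcheck=1"
        rc=1
    fi
    for f in "$conf" "$repodir"/*; do
        if [ -f "$f" ] && ! bad_gpgcheck_lines "$f"; then rc=1; fi
    done
    return "$rc"
}
```

Each finding is printed as file:line: setting, so the output lists exactly the files that still need gpgcheck set to 1.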
This Benchmark recommendation maps to:
Red Hat Enterprise Linux 7 Security Technical Implementation Guide:
Version 2, Release: 3 Benchmark Date: 26 Apr 2019
Vul ID: V-71977
Rule ID: SV-86601r2_rule
STIG ID: RHEL-07-020050
Severity: CAT I