1.2.3 Verify that gpgcheck is Globally Activated

Information

The gpgcheck option, found in the main section of the /etc/yum.conf file determines if an RPM package's signature is always checked prior to its installation.

Rationale:

It is important to ensure that an RPM's package signature is always checked prior to installation to ensure that the software is obtained from a trusted source.

Solution

Edit the /etc/yum.conf file and set the gpgcheck to 1 as follows:

gpgcheck=1

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-2c., CSCv7|3.4

Plugin: Unix

Control ID: bdbbc80b5b82af8ffffb55b32dc4066ebd45836747f55840bdb78ba9890587f1