1.2.3 Ensure gpgcheck is globally activated

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

It is important to ensure that an RPM's package signature is always checked prior to installation to ensure that the software is obtained from a trusted source.

Solution

Edit /etc/yum.conf and set 'gpgcheck=1' in the [main] section. Edit any failing files in /etc/yum.repos.d/* and set all instances of gpgcheck to '1'.

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7, CSCv6|4.5

Plugin: Unix

Control ID: 9ead74952ba7c66a2eaeea82fb64429e4bd1119ed069c245aa725f50e0ef1e69