Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22588 | GEN008800 | SV-26990r1_rule | ECSC-1 | Low |
Description |
---|
To prevent the installation of software from unauthorized sources, the system package management tool must use cryptographic algorithms to verify the packages are authentic. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2015-03-12 |
Check Text ( C-27933r2_chk ) |
---|
Verify RPM signature validation is not disabled. # grep nosignature /etc/rpmrc /usr/lib/rpm/rpmrc /usr/lib/rpm/redhat/rpmrc ~root/.rpmrc If any configuration is found, this is a finding. Verify YUM signature validation is not disabled. # grep gpgcheck /etc/yum.conf /etc/yum.repos.d/* If any "gpgcheck" setting is returned that is not equal to "1", this is a finding. |
Fix Text (F-24256r1_fix) |
---|
Edit the RPM configuration file containing the "nosignature" option and remove the option. Edit the YUM configuration containing "gpgcheck=0" and set the value to "1". |