Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22588 | GEN008800 | SV-26990r2_rule | Low |
Description |
---|
To prevent the installation of software from unauthorized sources, the system package management tool must use cryptographic algorithms to verify the packages are authentic. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2017-03-01 |
Check Text ( C-27933r3_chk ) |
---|
Verify YUM signature validation is not disabled. # grep gpgcheck /etc/yum.conf /etc/yum.repos.d/* If no results are returned, or the returned “gpgcheck” settings are not equal to “1”, this is a finding. |
Fix Text (F-24256r2_fix) |
---|
Edit the YUM configuration containing "gpgcheck=0" and set the value to "1". |