The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation.


Finding ID: V-239133
Version: PHTN-67-000062
Rule ID: SV-239133r675207_rule
IA Controls: (not listed)
Severity: Medium
Installation of any non-trusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. Verifying that each package's cryptographic signature is valid before installation establishes the provenance of the software and protects against malicious tampering.
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2022-06-17


Check Text ( C-42344r675205_chk )
At the command line, execute the following command:

# grep -s nosignature /usr/lib/rpm/rpmrc /etc/rpmrc ~root/.rpmrc

If the command returns any output, this is a finding. Note that "-s" only silences errors for files that do not exist (a missing ~root/.rpmrc produces no output), while a match on a commented-out line is still output and therefore still a finding.

Fix Text (F-42303r675206_fix)
Open each file the check reported with a text editor, remove the "nosignature" option, and rerun the check to confirm it returns nothing.
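The check and fix above as one script, added here as an example rather than taken from VMware or the STIG. It wraps the STIG grep in a function with the same semantics (missing files are skipped silently, any match anywhere in a file is a finding), adds a fix that strips the option and keeps a backup, and exercises both against constructed rpmrc files in a temporary directory so it can be run safely before pointing it at the real files. The three paths in RPMRC_FILES are the ones the check text names, with ~root written as /root; the ".pre-stig" backup suffix and the "check"/"fix"/"demo" arguments are choices made for this example.

```shell
#!/bin/sh
# Added example for PHTN-67-000062 (not VMware's or the STIG's own script).
# Usage: ./rpmrc-nosignature.sh check   # run the STIG check against the real files
#        ./rpmrc-nosignature.sh fix     # remove the option from any file that has it
#        ./rpmrc-nosignature.sh         # demo against constructed files (default)

# The files the check text inspects; ~root is assumed to be /root.
RPMRC_FILES="/usr/lib/rpm/rpmrc /etc/rpmrc /root/.rpmrc"

# check_nosignature FILE...: equivalent of `grep -s nosignature FILE...`.
# Prints "file:line:text" for every match; files that are missing or unreadable
# are skipped silently, like grep -s. Returns 0 when nothing matched (compliant)
# and 1 when anything matched (finding). A commented-out option still counts,
# because the check text treats any output as a finding.
check_nosignature() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        # /dev/null as a second operand forces grep to prefix the file name
        if grep -n 'nosignature' "$f" /dev/null; then
            rc=1
        fi
    done
    return $rc
}

# fix_nosignature FILE...: remove the option from each file that contains it.
# Lines consisting only of the option are deleted; the token is stripped from
# any other line. A copy of the original is kept as FILE.pre-stig (assumed name).
fix_nosignature() {
    for f in "$@"; do
        [ -w "$f" ] && grep -q 'nosignature' "$f" || continue
        cp -p "$f" "$f.pre-stig"
        sed -e '/^[[:space:]]*nosignature[[:space:]]*$/d' \
            -e 's/[[:space:]]*nosignature//g' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
}

# demo: constructed rpmrc files, one non-compliant, one clean, one absent.
demo() {
    dir=$(mktemp -d)
    printf 'optflags: x86_64 -O2 -g\nnosignature\n' > "$dir/rpmrc"   # constructed: finding
    printf 'optflags: x86_64 -O2 -g\n' > "$dir/clean.rpmrc"          # constructed: compliant
    if check_nosignature "$dir/rpmrc" "$dir/clean.rpmrc" "$dir/absent.rpmrc"; then
        echo "no finding"
    else
        echo "finding: nosignature present, applying fix"
        fix_nosignature "$dir/rpmrc"
        if check_nosignature "$dir/rpmrc"; then echo "re-check clean"; fi
    fi
    rm -rf "$dir"
}

case "${1:-demo}" in
    check) check_nosignature $RPMRC_FILES ;;
    fix)   fix_nosignature $RPMRC_FILES ;;
    *)     demo ;;
esac
```

The check function deliberately does not filter comment lines, so it agrees with the STIG's own grep; the fix only edits files that actually match, so running it on a compliant host changes nothing.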