SV-230264r627750_rule
V-230264
SRG-OS-000366-GPOS-00153
RHEL-08-010370
CAT I
10
Configure the operating system to verify the signature of packages from a repository prior to install by setting the following option in the "/etc/yum.repos.d/[your_repo_name].repo" file:
gpgcheck=1
Verify the operating system prevents the installation of patches, service packs, device drivers, or operating system components from a repository without verification that they have been digitally signed using a certificate that is recognized and approved by the organization.
Check that YUM verifies the signature of packages from a repository prior to install with the following command:
$ sudo egrep '^\[.*\]|gpgcheck' /etc/yum.repos.d/*.repo
/etc/yum.repos.d/appstream.repo:[appstream]
/etc/yum.repos.d/appstream.repo:gpgcheck=1
/etc/yum.repos.d/baseos.repo:[baseos]
/etc/yum.repos.d/baseos.repo:gpgcheck=1
If "gpgcheck" is not set to "1", or if options are missing or commented out, ask the System Administrator how the certificates for patches and other operating system components are verified.
If there is no process to validate certificates that is approved by the organization, this is a finding.
V-230264
False
RHEL-08-010370
Verify the operating system prevents the installation of patches, service packs, device drivers, or operating system components from a repository without verification that they have been digitally signed using a certificate that is recognized and approved by the organization.
Check that YUM verifies the signature of packages from a repository prior to install with the following command:
$ sudo egrep '^\[.*\]|gpgcheck' /etc/yum.repos.d/*.repo
/etc/yum.repos.d/appstream.repo:[appstream]
/etc/yum.repos.d/appstream.repo:gpgcheck=1
/etc/yum.repos.d/baseos.repo:[baseos]
/etc/yum.repos.d/baseos.repo:gpgcheck=1
If "gpgcheck" is not set to "1", or if options are missing or commented out, ask the System Administrator how the certificates for patches and other operating system components are verified.
If there is no process to validate certificates that is approved by the organization, this is a finding.
M
2921