1.2.2 Ensure GPG keys are configured (Not Scored)

Level 1 - Server 
Level 1 - Workstation

Most packages managers implement GPG key signing to verify package integrity during installation.

It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent installation of malware on the system.

Run the following command and verify GPG keys are configured correctly:

# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

Update your package manager GPG keys in accordance with site policy.