====== 1.2.3 Ensure gpgcheck is globally activated (Scored) ======

=====Profile Applicability=====

<code>
Level 1 - Server
Level 1 - Workstation
</code>

=====Description=====

The ''gpgcheck'' option, found in the ''[main]'' section of ''/etc/yum.conf'' and in the individual ''/etc/yum.repos.d/*'' files, determines whether an RPM package's signature is checked prior to its installation.

=====Rationale=====

An RPM package's signature should always be checked prior to installation to ensure that the software is obtained from a trusted source.

=====Audit=====

Run the following command and verify ''gpgcheck'' is set to ''"1"'':

<Code:bash>
# grep ^gpgcheck /etc/yum.conf
gpgcheck=1
</Code>

Run the following command and verify that all instances of ''gpgcheck'' returned are set to ''"1"'':

<Code:bash>
# grep ^gpgcheck /etc/yum.repos.d/*
</Code>

=====Remediation=====

Edit ''/etc/yum.conf'' and set ''gpgcheck=1'' in the ''[main]'' section. \\
Edit any failing files in ''/etc/yum.repos.d/*'' and set all instances of ''gpgcheck'' to ''"1"''.

centos7/1/2/3.txt Last modified: 2017/05/05 22:47 by 127.0.0.1
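The two audit steps above can be combined into one section-aware check. The script below is an added example, not part of the benchmark text: it reports which repository section carries a failing ''gpgcheck'' value, tolerates spaces around ''='', and confirms that ''[main]'' sets ''gpgcheck=1''. The function names, the sample files and the ''example-*'' repo ids are constructed for illustration, and any value other than ''1'' is treated as a finding, following the audit's wording.

```bash
#!/usr/bin/env bash
# Added example (not from the benchmark): section-aware gpgcheck audit.

# Print every explicit gpgcheck setting that is not exactly 1, as
# file:[section]:gpgcheck=value. Returns 1 if any such setting exists.
audit_gpgcheck() {
    awk '
        FNR == 1 { sec = "none" }            # new file: no section seen yet
        /^[#;]/  { next }                    # commented-out settings do not count
        /^\[/    { sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec); next }
        /^gpgcheck[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (val != "1") { printf "%s:[%s]:gpgcheck=%s\n", FILENAME, sec, val; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Succeed only if the [main] section of the given file sets gpgcheck=1.
main_gpgcheck_enabled() {
    awk '
        /^\[/ { in_main = ($0 ~ /^\[main\]/); next }
        in_main && /^gpgcheck[ \t]*=[ \t]*1[ \t]*$/ { ok = 1 }
        END { exit !ok }
    ' "$1"
}

# Constructed sample tree (hypothetical repo ids), written under directory $1.
write_sample() {
    mkdir -p "$1/yum.repos.d"
    printf '%s\n' '[main]' 'cachedir=/var/cache/yum' 'gpgcheck=1' > "$1/yum.conf"
    printf '%s\n' '[example-a]' 'name=A' 'gpgcheck=1' '' \
        '[example-b]' 'name=B' 'gpgcheck = 0' > "$1/yum.repos.d/a.repo"
    printf '%s\n' '[example-c]' 'name=C' '#gpgcheck=0' > "$1/yum.repos.d/c.repo"
}

# Demo on the constructed tree; on a real host pass /etc/yum.conf /etc/yum.repos.d/*
demo() {
    _d=$(mktemp -d)
    write_sample "$_d"
    main_gpgcheck_enabled "$_d/yum.conf" && echo "[main] gpgcheck=1: OK"
    audit_gpgcheck "$_d/yum.conf" "$_d"/yum.repos.d/* || echo "FAIL: settings above must be 1"
    rm -rf "$_d"
}
demo
```

A repo section with no ''gpgcheck'' line of its own, such as ''example-c'' in the sample, produces no finding because the setting in ''[main]'' applies to it.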