1.2.2 Ensure GPG keys are configured (Not Scored)

Level 1 - Server 
Level 1 - Workstation

Most packages managers implement GPG key signing to verify package integrity during installation.

It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent installation of malware on the system.

Run the following command and verify GPG keys are configured correctly for your package manager:

# apt-key list

Update your package manager GPG keys in accordance with site policy.

  • ubuntu1604/1/2/2.txt
  • Last modified: 2017/05/02 15:17
  • by Piotr K┼éoczewski