The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation for all repos.

An XCCDF Rule

Description

<VulnDiscussion>Installation of any nontrusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. This requirement ensures the software has not been tampered with and has been provided by a trusted vendor.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258864r1015951_rule
Severity: High
References: CCI-001749 CCI-003992
Updated: 17 days ago

Open the file where "gpgcheck" is not set to 1 with a text editor.

Add or update the following line:

gpgcheck=1

The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation for all repos.

Description

Remediation - Manual Procedure