SV-230265r627750_rule
V-230265
SRG-OS-000366-GPOS-00153
RHEL-08-010371
CAT I
10
Configure the operating system to remove all software components after updated versions have been installed.
Set the "localpkg_gpgcheck" option to "True" in the "/etc/dnf/dnf.conf" file:
localpkg_gpgcheck=True
Verify the operating system prevents the installation of patches, service packs, device drivers, or operating system components from a repository without verification that they have been digitally signed using a certificate that is recognized and approved by the organization.
Check if YUM is configured to perform a signature check on local packages with the following command:
$ sudo grep -i localpkg_gpgcheck /etc/dnf/dnf.conf
localpkg_gpgcheck =True
If "localpkg_gpgcheck" is not set to "1", "True", or "yes", is commented out, or is missing from "/etc/dnf/dnf.conf", this is a finding.
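The finding criteria above as a script, added here as an example and not part of the STIG text. The bare grep also prints commented-out lines, so the function (hypothetical name check_localpkg_gpgcheck) skips comments before it evaluates the value. It assumes the last active assignment wins and that the value is compared case-insensitively.

```shell
# Added example: evaluate the RHEL-08-010371 check against a dnf.conf-style file.
# Usage: check_localpkg_gpgcheck /etc/dnf/dnf.conf
# Prints "not a finding" or "finding: <reason>"; exit status is 0 or 1.
check_localpkg_gpgcheck() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "finding: cannot read $conf"
        return 1
    fi
    # Keep only active (uncommented) assignments. The key is matched
    # case-insensitively to mirror the "grep -i" in the check text.
    # Assumption: if the option appears more than once, the last one counts.
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }            # commented-out line: ignore
        {
            key = $1
            gsub(/[ \t]/, "", key)        # tolerate "localpkg_gpgcheck =True"
            if (tolower(key) == "localpkg_gpgcheck") {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                found = 1
                last = val
            }
        }
        END { if (found) print tolower(last); else print "__missing__" }
    ' "$conf")
    # Accepted values are the three named in the check text
    # (compared case-insensitively, which is an assumption).
    case $value in
        1|true|yes)
            echo "not a finding"
            return 0 ;;
        __missing__)
            echo "finding: localpkg_gpgcheck missing or commented out"
            return 1 ;;
        *)
            echo "finding: localpkg_gpgcheck=$value"
            return 1 ;;
    esac
}
```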
False
M
2921