Check: PHTN-67-000064
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000064
(in versions v1 r6 through v1 r1)
Title
The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. (Cat II impact)
Discussion
Installation of any non-trusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. This requirement ensures the software has not been tampered with and has been provided by a trusted vendor.
Check Content
At the command line, execute the following command:

# grep gpgcheck /etc/yum.repos.d/*

If "gpgcheck" is not set to "1" in any returned file, this is a finding.
Fix Text
Open the file where gpgcheck is not set to "1" with a text editor. Remove any existing gpgcheck setting and add the following line at the end of the file:

gpgcheck=1
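The following script is an added example and is not part of the STIG or of VMware's material. It automates the check above and applies the fix text as written: it audits every file in a repository directory (defaulting to /etc/yum.repos.d) for gpgcheck lines whose value is not 1, and its fix function removes any existing gpgcheck setting and appends gpgcheck=1. It goes one step beyond the grep in the check content by also reporting files that carry no gpgcheck setting at all, since such files are never returned by that grep. The function names, the sample repository files and the example.invalid URLs are constructed for this demonstration.

```shell
#!/bin/sh
# Added example for PHTN-67-000064 (not VMware/STIG code).
# Assumes yum/tdnf-style .repo files with "gpgcheck=<value>" lines.

# Print one line per non-compliant file; prints nothing when compliant.
audit_gpgcheck() {
    dir="${1:-/etc/yum.repos.d}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[[:space:]]*gpgcheck[[:space:]]*=/ {
                seen = 1
                sub(/\r$/, "")                 # tolerate CRLF line endings
                split($0, kv, "=")
                v = kv[2]; gsub(/[[:space:]]/, "", v)
                if (v != "1") printf "%s:%d: gpgcheck=%s\n", file, NR, v
            }
            END { if (!seen) printf "%s: no gpgcheck setting\n", file }
        ' "$f"
    done
}

# Number of findings for a directory (0 means the check passes).
count_gpgcheck_findings() {
    audit_gpgcheck "$1" | wc -l | tr -d ' '
}

# Apply the STIG fix text to one file: drop every existing gpgcheck
# setting, then append "gpgcheck=1" at the end of the file.
fix_gpgcheck() {
    f="$1"
    tmp="$f.tmp.$$"
    grep -v '^[[:space:]]*gpgcheck[[:space:]]*=' "$f" > "$tmp" || true
    printf 'gpgcheck=1\n' >> "$tmp"
    mv "$tmp" "$f"
}

# Constructed sample repository files in a temporary directory:
# one compliant, one set to 0, one with the setting missing.
make_sample_repos() {
    d=$(mktemp -d)
    printf '[photon]\nname=Photon\nbaseurl=https://example.invalid/photon\ngpgcheck=1\nenabled=1\n' > "$d/good.repo"
    printf '[photon-updates]\nname=Updates\nbaseurl=https://example.invalid/updates\ngpgcheck = 0\nenabled=1\n' > "$d/bad.repo"
    printf '[photon-extras]\nname=Extras\nbaseurl=https://example.invalid/extras\nenabled=1\n' > "$d/missing.repo"
    printf '%s\n' "$d"
}

# Demonstration on the constructed files; nothing under /etc is touched.
demo_dir=$(make_sample_repos)
echo "Before remediation:"
audit_gpgcheck "$demo_dir"
for r in "$demo_dir"/*; do
    fix_gpgcheck "$r"      # idempotent: compliant files stay compliant
done
echo "After remediation: $(count_gpgcheck_findings "$demo_dir") finding(s)"
rm -rf "$demo_dir"
```

To audit a real host, call audit_gpgcheck with no argument (or with the directory to inspect) and treat any output as a finding; run fix_gpgcheck only on the files it names. One caveat when applying the fix text mechanically: a key in an INI-style .repo file belongs to the section header above it, so a gpgcheck=1 appended at the end of a file that defines several [sections] only covers the last one; for such files set gpgcheck=1 inside each section instead.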
Additional Identifiers
Rule ID: SV-239135r877463_rule
Vulnerability ID: V-239135
Group Title: SRG-OS-000366-GPOS-00153
CCIs
Number | Definition
---|---
CCI-001749 | The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.
Controls
Number | Title
---|---
CM-5 (3) | Signed Components