Check: PHTN-67-000062
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000062
(in versions v1 r6 through v1 r1)
Title
The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. (Cat II impact)
Discussion
Installation of any non-trusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. Verifying that every package's cryptographic signature is valid before installation establishes the provenance of the software and protects against malicious tampering.
Check Content
At the command line, execute the following command:

# grep -s nosignature /usr/lib/rpm/rpmrc /etc/rpmrc ~root/.rpmrc

If the command returns any output, this is a finding. The -s flag only suppresses the "No such file" message for files that do not exist (for example an absent ~root/.rpmrc); the finding is decided by whether any line is printed, not by the command's exit status.
Fix Text
Open each file reported by the check with a text editor and remove the "nosignature" option.
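The check and the fix above, as an added shell example that is not part of the STIG text: it runs the same grep over constructed rpmrc files in a temporary directory, decides the finding from the command's output rather than its exit status (with a missing ~root/.rpmrc in the list, GNU grep still exits 2 even when another file matched, because -s hides the message but does not change the status), and then strips the option from the offending file. The sample file contents, the file names, the /root home directory and the sed expression are assumptions for illustration; rpm's real rpmrc grammar is not modelled here.

```shell
#!/bin/sh
# Added example, not part of the STIG text: reproduce the PHTN-67-000062
# check and fix against constructed rpmrc files in a temporary directory.
# Assumptions (illustration only): the sample file contents, the placement
# of the "nosignature" token and the sed expression used to strip it.
# rpm's real rpmrc grammar is not modelled here.

# Same grep as the STIG check. -s hides "No such file" messages for absent
# files but does NOT change the exit status: GNU grep still exits 2 when any
# named file is missing, even if another file matched.
check_nosignature() {
    grep -s nosignature "$@"
}

# Decide the finding the way the STIG wording does: from the command's
# output, not its exit status. Prints "finding" or "compliant".
is_finding() {
    # "|| :" deliberately discards grep's exit status (see above).
    out=$(check_nosignature "$@" || :)
    if [ -n "$out" ]; then
        echo finding
    else
        echo compliant
    fi
}

# Audit the three files the STIG names on a live Photon host.
audit_host() {
    is_finding /usr/lib/rpm/rpmrc /etc/rpmrc ~root/.rpmrc
}

# Fix: back the file up, drop every "nosignature" token (with an optional
# "--" prefix) from the lines that carry it, and delete such a line when
# nothing else was on it. Only lines containing the token are touched, so
# unrelated blank lines and settings survive. Writing back with cat keeps
# the original file's owner and mode.
fix_nosignature() {
    f=$1
    [ -f "$f" ] || return 0
    cp -p "$f" "$f.stig-bak"
    sed -e '/nosignature/{s/[[:space:]]*\(--\)\{0,1\}nosignature//g;/^[[:space:]]*$/d;}' "$f" > "$f.tmp" \
        && cat "$f.tmp" > "$f" && rm -f "$f.tmp"
}

# Self-contained demonstration on constructed files. Echoes the verdict
# before the fix, the verdict after it, and the line count of the fixed file,
# e.g. "finding compliant 3".
demo() {
    d=$(mktemp -d)
    # Constructed sample rpmrc contents; a real file would differ.
    printf 'optflags: x86_64 -O2\n' > "$d/rpmrc"
    printf 'optflags: x86_64 -O2\n\n# local override\nnosignature\n' > "$d/etc_rpmrc"
    # A deliberately missing file mirrors an absent ~root/.rpmrc.
    before=$(is_finding "$d/rpmrc" "$d/etc_rpmrc" "$d/missing_rpmrc")
    fix_nosignature "$d/etc_rpmrc"
    after=$(is_finding "$d/rpmrc" "$d/etc_rpmrc" "$d/missing_rpmrc")
    lines=$(wc -l < "$d/etc_rpmrc" | tr -d ' ')
    rm -rf "$d"
    echo "$before $after $lines"
}
```

On a real host, run audit_host as root; if it prints "finding", apply fix_nosignature to each file the grep named and re-run the audit. The backup written next to the file lets you inspect what was removed before deleting it.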
Additional Identifiers
Rule ID: SV-239133r877463_rule
Vulnerability ID: V-239133
Group Title: SRG-OS-000366-GPOS-00153
CCIs
Number | Definition |
---|---|
CCI-001749 | The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization. |
Controls
Number | Title |
---|---|
CM-5 (3) | Signed Components |