Check: PHTN-67-000063
VMware vSphere 6.7 Photon OS STIG: PHTN-67-000063
(in versions v1 r6 through v1 r1)
Title
The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. (Cat II impact)
Discussion
Installation of any non-trusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. This requirement ensures the software has not been tampered with and has been provided by a trusted vendor.
Check Content
At the command line, execute the following command:

# grep "^gpgcheck" /etc/tdnf/tdnf.conf

If "gpgcheck" is not set to "1", this is a finding.
Fix Text
Open /etc/tdnf/tdnf.conf with a text editor. Remove any existing gpgcheck setting and add the following line:

gpgcheck=1
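The check and fix above, as an added example that is not part of the STIG text: a small POSIX shell script that evaluates a tdnf.conf file the way the Check Content does (key at column 1, effective value must be "1", last occurrence wins) and applies the Fix Text (drop any existing gpgcheck line, add gpgcheck=1). The file path is a parameter so it can be run against constructed sample files offline; on a real host it would be pointed at /etc/tdnf/tdnf.conf. The sample configuration contents and the function names are constructed for this example, and the fix assumes a single [main] section, as in the samples.

```shell
#!/bin/sh
# Added example for PHTN-67-000063 (not from the STIG or from Photon OS).
# Evaluates and remediates the gpgcheck setting in a tdnf.conf-style file.

# Print the effective "gpgcheck" value: only lines starting at column 1 with
# "gpgcheck" (what the STIG grep matches), text after '=' with blanks trimmed,
# last occurrence wins. Prints nothing if the key is absent or the file is
# missing, which the check below treats as a finding.
tdnf_gpgcheck_value() {
    grep '^gpgcheck' "$1" 2>/dev/null \
        | sed 's/^gpgcheck[[:space:]]*=[[:space:]]*//; s/[[:space:]]*$//' \
        | tail -n 1
}

# Exit status 0 when compliant (gpgcheck=1), 1 when this is a finding.
phtn_67_000063_check() {
    [ "$(tdnf_gpgcheck_value "$1")" = "1" ]
}

# Human-readable one-line result; exit status mirrors the check.
phtn_67_000063_report() {
    if phtn_67_000063_check "$1"; then
        printf 'PHTN-67-000063 PASS (%s)\n' "$1"
        return 0
    fi
    printf 'PHTN-67-000063 FINDING: gpgcheck is "%s", expected "1" (%s)\n' \
        "$(tdnf_gpgcheck_value "$1")" "$1"
    return 1
}

# Apply the Fix Text: remove every existing gpgcheck setting, then add
# gpgcheck=1. Written to a temp file first so a failure leaves the original
# intact. Assumes a single [main] section, so appending keeps the key in it.
phtn_67_000063_fix() {
    tmp="$1.tmp.$$"
    grep -v '^gpgcheck' "$1" > "$tmp" || true   # grep -v exits 1 if nothing remains
    printf 'gpgcheck=1\n' >> "$tmp"
    mv "$tmp" "$1"
}

# Constructed sample files for an offline demonstration (not from a real host).
# Prints the directory that holds them.
make_samples() {
    dir=$(mktemp -d)
    printf '[main]\ngpgcheck=1\ninstallonly_limit=3\n'   > "$dir/compliant.conf"
    printf '[main]\ngpgcheck=0\ninstallonly_limit=3\n'   > "$dir/disabled.conf"
    printf '[main]\ninstallonly_limit=3\n'               > "$dir/missing.conf"
    printf '[main]\ngpgcheck=1\ngpgcheck = 0\n'          > "$dir/lastwins.conf"
    echo "$dir"
}
```

Usage on a host would be `phtn_67_000063_report /etc/tdnf/tdnf.conf` (as root) and, if it reports a finding, `phtn_67_000063_fix /etc/tdnf/tdnf.conf` followed by a re-run of the report. The "last occurrence wins" rule is why the fix removes all existing gpgcheck lines rather than just adding one: a later gpgcheck=0 would otherwise silently override the added setting.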
Additional Identifiers
Rule ID: SV-239134r877463_rule
Vulnerability ID: V-239134
Group Title: SRG-OS-000366-GPOS-00153
CCIs
Number | Definition
---|---
CCI-001749 | The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.
Controls
Number | Title
---|---
CM-5 (3) | Signed Components