Details
The gpgcheck option, found in the main section of the /etc/yum.conf and individual /etc/yum/repos.d/*.repo files determines if an RPM package’s signature is checked prior to its installation.
Rationale:
It is important to ensure that an RPM’s package signature is always checked prior to installation to ensure that the software is obtained from a trusted source.
Solution
Edit /etc/yum.conf and set ‘gpgcheck=1’ in the [main] section.
Edit any failing files in /etc/yum.repos.d/*.repo and set all instances of gpgcheck to 1.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Unix.