Details
The gpgcheck option, found in the main section of the /etc/yum.conf file determines if an RPM package’s signature is always checked prior to its installation.
Rationale:
It is important to ensure that an RPM’s package signature is always checked prior to installation to ensure that the software is obtained from a trusted source.
Solution
Edit the /etc/yum.conf file and set the gpgcheck to 1 as follows:
gpgcheck=1
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Unix.