highsystemverified ✓rollback-safe
Enable GPG signature checking for packages
gpgcheck-enabled · RHEL ≥ 8 · 1 impl
Description
The gpgcheck option in /etc/dnf/dnf.conf must be enabled to ensure all packages are verified using GPG signatures before installation.
Rationale
GPG signature verification ensures packages come from trusted sources and have not been tampered with. Without this, malicious packages could be installed on the system.
Check → Remediate
Checkconfig_value
- path:
- /etc/dnf/dnf.conf
- key:
- gpgcheck
- expected:
- 1
Remediateconfig_set
- path:
- /etc/dnf/dnf.conf
- key:
- gpgcheck
- value:
- 1
- separator:
- =
Framework references
CIS
rhel8 1.2.1.2rhel9 1.2.1.2rhel10 1.2.1.2
STIG
V-230264V-257819 / RHEL-09-214010V-257820 / RHEL-09-214015V-280932 / RHEL-10-001030
NIST 800-53
CM-11(a)SI-7
Live verification
rhel10:checkrhel8:checkrhel9:check
#packages#gpg#dnf#security