1.2.2 Ensure GPG keys are configured

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Most packages managers implement GPG key signing to verify package integrity during installation. It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent installation of malware on the system.

Note: Nessus has not performed an evaluation of this check. Please manually review the check output for correctness.

Solution

Update your package manager GPG keys in accordance with site policy.

See Also

https://benchmarks.cisecurity.org/tools2/linux/CIS_Ubuntu_Linux_14.04_LTS_Benchmark_v2.0.0.pdf

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7

Plugin: Unix

Control ID: 6c12fb200ee0d8bf74f13042e0427a4e00a893d5df4c895ad81651cfd21ebc39