Added verbiage for systems that don't specifically use /etc/yum.conf in
the case of looking for "gpgcheck=1".

Many consider using /etc/yum.conf for all repo information to be an
older and deprecated method.

Most systems use the /etc/yum.repos.d/(reponame).repo method, for which the
check didn't have an explanation.

Added this "/etc/yum.repos.d/(reponame).repo" text, and retested rule.
<PASS>
>From ebc068bd50d3761e36ad66649e53c3dc48b29d8e Mon Sep 17 00:00:00 2001
From: Michael McConachie <[email protected]>
Date: Fri, 28 Sep 2012 22:50:52 -0400
Subject: [PATCH] Update for input/system/software/updating.xml

---
 RHEL6/input/system/software/updating.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/RHEL6/input/system/software/updating.xml 
b/RHEL6/input/system/software/updating.xml
index ac9e590..1cbaae2 100644
--- a/RHEL6/input/system/software/updating.xml
+++ b/RHEL6/input/system/software/updating.xml
@@ -56,8 +56,8 @@ the <tt>[main]</tt> section:
 </description>
 <ocil clause="GPG checking isn't enabled">
 To determine whether <tt>yum</tt> is configured to use <tt>gpgcheck</tt>,
-inspect <tt>/etc/yum.conf</tt> and ensure that the following appears in the
-<tt>[main]</tt> section:
+inspect <tt>/etc/yum.conf</tt> and <tt>/etc/yum.repos.d/(reponame).repo</tt>
+to ensure that the following appears in the <tt>[main]</tt> section:
 <pre>gpgcheck=1</pre>
 A value of <tt>1</tt> indicates that <tt>gpgcheck</tt> is enabled. Absence of a
 <tt>gpgcheck</tt> line or a setting of <tt>0</tt> indicates that it is
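Review bot: In the two added lines, "to ensure that the following appears in the [main] section" now applies to /etc/yum.repos.d/(reponame).repo as well, but a .repo file is made up of per-repository sections, and the [main] section exists only in /etc/yum.conf. Suggest keeping the [main] wording for /etc/yum.conf and adding a separate sentence that tells the reviewer to confirm that no repository section in any file under /etc/yum.repos.d/ sets gpgcheck=0, since a per-repository value overrides the [main] value. The unchanged context line "Absence of a gpgcheck line or a setting of 0 indicates that it is" would then need a qualifier too: a repository section with no gpgcheck line inherits the [main] setting, so absence in a .repo file is not a finding by itself.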
-- 
1.7.11.4
