View the security misconfiguration catalog
  • Misconfiguration Name
  • APT GNU Privacy Guard (GPG) key check when installing packages is not enabled
  • Description
  • Advanced Package Tool, or APT, is a free-software user interface that works with core libraries to handle the installation and removal of software packages on Debian, Ubuntu, and related Linux distributions. APT utilizes GNU Privacy Guard GPG key signing to verify package integrity during installation. Fixing this misconfiguration will enable¬†¬†GNU Privacy Guard (GPG) key check in APT when installing packages
  • Severity
  • important
  • Category
  • Linux - APT Hardening
  • Resolution
  • Follow the below steps to resolve the misconfiguration. Set the following parameter in a /etc/apt.d/* file: APT::Get::AllowUnauthenticated "false"";"
  • Potential issues that may arise after applying the resolution
  • Altering the existing security setting may create the following impact in your network operations.
  • Does remediation require reboot?
  • No