Profile Applicability:
 • Level 1

Description:
 Proper configuration of package manager repositories ensures that software packages are obtained from trusted and authorized sources. Misconfigured or untrusted repositories can introduce security risks by allowing installation of compromised or unauthorized software.

Rationale:
 Configuring package repositories correctly helps maintain system integrity and security by ensuring that updates and software come from verified and trusted locations.

Impact:
 Pros:

  • Guarantees software authenticity and integrity.

  • Enables timely security updates from trusted sources.

Cons:

  • Misconfiguration may lead to failure in package updates or installations.

Default Value:
 Package managers usually come pre-configured with default repositories, but additional repositories may need to be configured or audited.

Pre-requisites:

  • Root or sudo privileges to add, remove, or modify repository configurations.

Remediation:

Test Plan:

Using Linux command line:

  1. List all configured repositories:

For RPM-based systems:

yum repolist all

For Debian-based systems:

apt-cache policy

  2. Verify that every enabled repository points to a trusted URL.

  3. Check the repository configuration files in /etc/yum.repos.d/ (RPM-based) or /etc/apt/sources.list and /etc/apt/sources.list.d/ (Debian-based).
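The following POSIX shell audit is an added example, not part of the benchmark: it reads the repository files named in the last test step and reports enabled repositories that use plain http://, point at a host outside an allowlist, or turn off signature checking. The TRUSTED_HOSTS allowlist, the example host names and the sample repository files it writes are constructed assumptions.

```shell
# Added audit helper, not part of the benchmark: flags enabled yum/apt repositories that use plain
# http://, point at a host outside TRUSTED_HOSTS, or disable signature checks (yum variables such as
# $releasever are not expanded and deb822 .sources files are skipped).
TRUSTED_HOSTS="${TRUSTED_HOSTS:-amazonlinux.example.com deb.debian.org security.debian.org}"  # assumed allowlist
host_trusted() { for h in $TRUSTED_HOSTS; do [ "$h" = "$1" ] && return 0; done; return 1; }
check_repo() {  # $1 = label, $2 = URL, $3 = "0" when signature checking is off; prints findings
  host=$(printf '%s' "$2" | sed -E 's#^[A-Za-z]+://([^/:]+).*#\1#')
  case "$2" in https://*|file://*) ;; *) echo "$1: insecure transport $2" ;; esac
  host_trusted "$host" || echo "$1: untrusted host $host"
  [ "$3" = "0" ] && echo "$1: signature check disabled"
  return 0
}
flush_repo() { if [ -n "$id" ] && [ "$enabled" != 0 ]; then check_repo "$id" "$url" "$gpg"; fi; }
audit_yum() {  # $1 = directory of *.repo files, e.g. /etc/yum.repos.d
  for f in "$1"/*.repo; do
    [ -f "$f" ] || continue; id=""; url=""; enabled=1; gpg=1
    while IFS= read -r line || [ -n "$line" ]; do
      case "$line" in
        \[*\]) flush_repo; id=${line#\[}; id=${id%\]}; url=""; enabled=1; gpg=1 ;;  # new [section]
        *=*) key=$(printf '%s' "${line%%=*}" | tr -d '[:blank:]'); val=$(printf '%s' "${line#*=}" | tr -d '[:blank:]')
             case "$key" in baseurl|mirrorlist) url=$val ;; enabled) enabled=$val ;; gpgcheck) gpg=$val ;; esac ;;
      esac
    done < "$f"
    flush_repo  # last section of the file
  done
  return 0
}
audit_apt() {  # $1 = a sources.list file or a sources.list.d directory (one-line *.list format)
  for f in "$1" "$1"/*.list; do [ -f "$f" ] || continue
    while IFS= read -r line || [ -n "$line" ]; do
      case "$line" in deb\ *|deb-src\ *) ;; *) continue ;; esac   # comments and blank lines are skipped
      rest=${line#* }; gpg=1   # drop the "deb" word; [trusted=yes] is apt's equivalent of gpgcheck=0
      case "$rest" in \[*\]*) case "$rest" in \[*trusted=yes*\]*) gpg=0 ;; esac; rest=${rest#*\] } ;; esac
      check_repo "${f##*/}:${line%% *}" "${rest%% *}" "$gpg"
    done < "$f"
  done
  return 0
}
demo_findings() {  # writes constructed sample files to a temp dir and audits them
  d=$(mktemp -d); mkdir "$d/yum.repos.d"
  printf '%s\n' '[amzn2-core]' 'baseurl=https://amazonlinux.example.com/2/core' 'enabled=1' 'gpgcheck=1' \
    '[third-party]' 'baseurl=http://mirror.example.net/el7' 'enabled=1' 'gpgcheck=0' \
    '[disabled-extra]' 'baseurl=http://old.example.org/x' 'enabled=0' > "$d/yum.repos.d/sample.repo"
  printf '%s\n' 'deb https://deb.debian.org/debian bookworm main' \
    '# deb http://commented.example.org/debian bookworm main' \
    'deb [trusted=yes] http://ppa.example.net/ubuntu jammy main' > "$d/sources.list"
  audit_yum "$d/yum.repos.d"; audit_apt "$d/sources.list"; rm -rf "$d"
}
demo_findings
```

On a real host run `audit_yum /etc/yum.repos.d` or `audit_apt /etc/apt/sources.list; audit_apt /etc/apt/sources.list.d` with TRUSTED_HOSTS set to your own approved mirrors; an empty result means no enabled repository tripped the three checks.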

Implementation Plan:

Using Linux command line:

  1. Add or edit repository files to include only trusted repositories.

  2. Disable or remove untrusted or unused repositories.

  3. Refresh package manager metadata:

Backout Plan:

Using Linux command line:

  1. Revert the repository configuration files to the previous known-good state (take a backup before remediation).

  2. Re-enable any necessary repositories removed during remediation.

  3. Refresh package metadata.

References:

  • CIS Amazon Linux 2 Benchmark v3.0.0

  • Yum Repository Management

  • APT Repository Management