Issues with installing Amazon Inspector on CIS STIG benchmark AMI's


Product Name

CIS Hardened Images® (AWS)

Product Version

CIS STIG Benchmarks

Date

Jul 24, 2020



 

Problem

We have a CIS Amazon Linux 2 STIG Benchmark AMI’s through the AWS Marketplace for both our Commercial and GovCloud EC2 instances. We are unable to get the Amazon Inspector Agent to successfully install on these instances.
Can you provide instructions on how we can get the Inspector Agent successfully installed and running on these instances?

 

Solution

On our AWS STIG Images, we have gpg checking enabled when installing packages with rpm. This setting is in /etc/yum.conf - localpkg_gpgcheck=1 . You won't be able to install an unsigned package if you don't have the key from AWS.

If you wish to turn off our recommendation, you can go into yum.conf and set 1 to 0.

 


Copyright © 2020

Center for Internet Security®