CentOS is a very solid operating system and, in our opinion, is much better on the security side than Ubuntu, especially when we run a web server.
Over the years CentOS has evolved a lot, and the transition from CentOS 6.x to 7.x has brought a lot of changes to the security side.
Many vulnerabilities on older versions of CentOS were caused by installing software from less secure archives (YUM repositories). For example, a simple installation of LEMP (Linux, Nginx, MySQL & PHP) can cause problems over time if these packages have not been installed from safe sources.
With the launch of CentOS 7, limitations were placed on user access to system files and on installing packages that are "unsigned" or without a GPG key. If you came across this article, you most likely encountered the error:
GPG key retrieval failed: [Errno 14] curl#37 - Couldn't open file ... RPM-GPG-KEY
This occurs when we want to install (yum install) or update (yum -y update) software packages that are not accompanied by a GNU Privacy Guard (GPG) key.
Software developers are instructed that each piece of software included in installation packages (RPM) be accompanied by a signature. It's a simple way to provide a guarantee to users that these RPMs are safe. The public key that accompanies installation packages is covered in the Red Hat Network Channel Management Guide and must be registered for each piece of software in the repository.
If you encounter such an error, it is best to look for a repository that provides a public key and install the desired software from there. If you still want to continue with the installation, the simplest way is to disable public key verification for the repository in question, so that its packages are installed without a signature check.
By default, the repositories used for software installation and updates are defined in "/etc/yum.repos.d". With "nano" or "vi", edit the ".repo" file of the repository from which the .rpm file is downloaded without a public key, and deactivate "gpgcheck" by setting its value to "0".
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
exclude=nginx*
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Save the changes to the edited .repo file and run the update / installation again. Everything should go smoothly.
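To see which repositories on a host have signature checking turned off, or reference a local key file that is missing (the condition behind the "Couldn't open file ... RPM-GPG-KEY" error), the following shell audit can be run over the .repo files. It is an added example, not part of the original article; the function names audit_repos and write_sample and the optional ROOT argument are assumptions made for the example.

```shell
# Added example (not from the article): report repos with gpgcheck=0 and
# gpgkey=file:// entries whose key file cannot be read.
# audit_repos DIR [ROOT]: DIR holds the .repo files (normally /etc/yum.repos.d);
# ROOT (an assumption, for offline runs) is prepended to key file paths.
audit_repos() {
    dir=$1; root=${2:-}; tab=$(printf '\t')
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        # awk prints "section<TAB>kind<TAB>value" for the two audited settings
        awk '
            /^[ \t]*([#;]|$)/ { next }                        # comment or blank
            /^\[/ { sec = substr($0, 2, index($0, "]") - 2); key = ""; next }
            /^[^ \t=]+[ \t]*=/ {                              # key=value line
                key = $0; sub(/[ \t]*=.*/, "", key)
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            }
            /^[ \t]/ { if (key != "gpgkey") next; val = $0 }  # continued gpgkey list
            key == "gpgcheck" && val == "0" { print sec "\tNOCHECK\t" val }
            key == "gpgkey" {
                n = split(val, url, /[ \t,]+/)
                for (i = 1; i <= n; i++)
                    if (url[i] ~ /^file:\/\//) print sec "\tKEY\t" substr(url[i], 8)
            }
        ' "$f" | while IFS=$tab read -r sec kind val; do
            case $kind in
                NOCHECK) echo "${f##*/} [$sec] gpgcheck=0 (signatures not verified)" ;;
                KEY) [ -r "$root$val" ] || echo "${f##*/} [$sec] key file missing: $val" ;;
            esac
        done
    done
}
# write_sample DIR: the [epel] stanza from the article, used as constructed input
write_sample() {
    cat > "$1/epel.repo" <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
exclude=nginx*
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
EOF
}
# Demo in a scratch directory: both findings are reported for [epel]
tmp=$(mktemp -d); write_sample "$tmp"; audit_repos "$tmp" "$tmp"; rm -rf "$tmp"
```

On a CentOS host, call audit_repos /etc/yum.repos.d with no second argument so that key paths are checked on the real filesystem.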