OL6-00-000008 - Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.

Gavin M. Dennis

22 April 2022 17:05

Details

This key is necessary to cryptographically verify packages that packages are from the operating system vendor.

Solution

To ensure the system can cryptographically verify the software packages come from the operating system vendor (and connect to the vendor's network software repository to receive them if desired), the vendor GPG key must properly be installed. To ensure the GPG key is installed, run:

# wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
# rpm --import RPM-GPG-KEY-oracle-ol6

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_6_V1R18_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-5(3)
CAT|I
CCI|CCI-001749
CSCv6|2.2
Group-ID|V-50689
Rule-ID|SV-219543r603263_rule
STIG-ID|OL6-00-000008
STIG-Legacy|SV-64895
STIG-Legacy|V-50689
Vuln-ID|V-219543

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section