RHEL-06-000008 - Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The Red Hat GPG keys are necessary to cryptographically verify packages are from Red Hat.

Solution

To ensure the system can cryptographically verify base software packages come from Red Hat (and to connect to the Red Hat Network to receive them), the Red Hat GPG keys must be installed properly. To install the Red Hat GPG keys, run:

# rhn_register

If the system is not connected to the Internet or an RHN Satellite, then install the Red Hat GPG keys from trusted media such as the Red Hat installation CD-ROM or DVD. Assuming the disc is mounted in '/media/cdrom', use the following command as the root user to import them into the keyring:

# rpm --import /media/cdrom/RPM-GPG-KEY

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_6_V2R1_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(6), CAT|I, CCI|CCI-001749, Rule-ID|SV-217852r505923_rule, STIG-ID|RHEL-06-000008, STIG-Legacy|SV-50276, STIG-Legacy|V-38476, Vuln-ID|V-217852

Plugin: Unix

Control ID: ca23439b6ae8133b6c12abd83f90740dac868e6661f8b46a0303999b17c49e76