OL6-00-000008 – Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.

Details

This key is necessary to cryptographically verify packages that packages are from the operating system vendor.

Solution

To ensure the system can cryptographically verify the software packages come from the operating system vendor (and connect to the vendor’s network software repository to receive them if desired), the vendor GPG key must properly be installed. To ensure the GPG key is installed, run:

# wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
# rpm –import RPM-GPG-KEY-oracle-ol6

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_6_V1R18_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-5(3)
CAT|I
CCI|CCI-001749
CSCv6|2.2
Group-ID|V-50689
Rule-ID|SV-219543r603263_rule
STIG-ID|OL6-00-000008
STIG-Legacy|SV-64895
STIG-Legacy|V-50689
Vuln-ID|V-219543

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles