UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.


Overview

Finding ID Version Rule ID IA Controls Severity
V-50689 OL6-00-000008 SV-64895r3_rule High
Description
This key is necessary to cryptographically verify packages that packages are from the operating system vendor.
STIG Date
Oracle Linux 6 Security Technical Implementation Guide 2018-03-01

Details

Check Text ( C-53181r3_chk )
To ensure that the GPG key is installed, run:

# rpm -qi gpg-pubkey-ec551f03 | gpg --keyid-format long | grep oracle.com | cut -f3 -d" " |cut -f2 -d"/"

The command should return the string below:

72F97B74EC551F03

If the operating system vendor GPG Key is not installed, this is a finding.
Fix Text (F-55485r1_fix)
To ensure the system can cryptographically verify the software packages come from the operating system vendor (and connect to the vendor's network software repository to receive them if desired), the vendor GPG key must properly be installed. To ensure the GPG key is installed, run:

# wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
# rpm --import RPM-GPG-KEY-oracle-ol6