UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.


Overview

Finding ID Version Rule ID IA Controls Severity
RHEL-06-000008 RHEL-06-000008 RHEL-06-000008_rule High
Description
This key is necessary to cryptographically verify packages are from Red Hat.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2013-02-05

Details

Check Text ( C-RHEL-06-000008_chk )
To ensure that the GPG key is installed, run:

$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey

The command should return the string below:

gpg(Red Hat, Inc. (release key )


If the Red Hat GPG Key is not installed, this is a finding.
Fix Text (F-RHEL-06-000008_fix)
To ensure the system can cryptographically verify base software packages come from Red Hat (and to connect to the Red Hat Network to receive them if desired), the Red Hat GPG key must properly be installed. To ensure the GPG key is installed, run:

# rhn_register