Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-38476	RHEL-06-000008	SV-50276r2_rule		High

Description
The Red Hat GPG key is necessary to cryptographically verify packages are from Red Hat.

STIG	Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide	2014-06-10

Details

Check Text ( None )
None

Fix Text (F-43421r2_fix)
To ensure the system can cryptographically verify base software packages come from Red Hat (and to connect to the Red Hat Network to receive them), the Red Hat GPG key must properly be installed. To install the Red Hat GPG key, run: # rhn_register If the system is not connected to the Internet or an RHN Satellite, then install the Red Hat GPG key from trusted media such as the Red Hat installation CD-ROM or DVD. Assuming the disc is mounted in "/media/cdrom", use the following command as the root user to import it into the keyring: # rpm --import /media/cdrom/RPM-GPG-KEY

Fix Text (F-43421r2_fix)

To ensure the system can cryptographically verify base software packages come from Red Hat (and to connect to the Red Hat Network to receive them), the Red Hat GPG key must properly be installed. To install the Red Hat GPG key, run:

# rhn_register

If the system is not connected to the Internet or an RHN Satellite, then install the Red Hat GPG key from trusted media such as the Red Hat installation CD-ROM or DVD. Assuming the disc is mounted in "/media/cdrom", use the following command as the root user to import it into the keyring:

# rpm --import /media/cdrom/RPM-GPG-KEY