[Forgot Password]
Login  Register Subscribe

26309

 
 

132812

 
 

150258

 
 

909

 
 

119593

 
 

158

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90940-8

Platform: rhel7,centos7Date: (C)2017-06-29   (M)2020-02-19



Ensure Red Hat GPG Key Installed To ensure the system can cryptographically verify base software packages come from Red Hat (and to connect to the Red Hat Network to receive them), the Red Hat GPG key must properly be installed. To install the Red Hat GPG key, run: '$ sudo rhn_register' If the system is not connected to the Internet or an RHN Satellite, then install the Red Hat GPG key from trusted media such as the Red Hat installation CD-ROM or DVD. Assuming the disc is mounted in '/media/cdrom', use the following command as the root user to import it into the keyring: '$ sudo rpm --import /media/cdrom/RPM-GPG-KEY'


Parameter:


Technical Mechanism: Changes to software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor. The Red Hat GPG key is necessary to cryptographically verify packages are from Red Hat. Fix: # The two fingerprints below are retrieved from https://access.redhat.com/security/team/key readonly REDHAT_RELEASE_2_FINGERPRINT="567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51" readonly REDHAT_AUXILIARY_FINGERPRINT="43A6 E49C 4A38 F4BE 9ABF 2A53 4568 9C88 2FA6 58E0" # Location of the key we would like to import (once it's integrity verified) readonly REDHAT_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" RPM_GPG_DIR_PERMS=$(stat -c %a $(dirname $REDHAT_RELEASE_KEY)) # Verify /etc/pki/rpm-gpg directory permissions are safe if [ $ -le "755" ] then # If they are safe, try to obtain fingerprints from the key file # (to ensure there won't be e.g. CRC error) IFS=$'\n' GPG_OUT=($(gpg --with-fingerprint ${REDHAT_RELEASE_KEY})) GPG_RESULT=$? # No CRC error, safe to proceed if [ $ -eq "0" ] then for ITEM in $ do # Filter just hexadecimal fingerprints from gpg's output from # processing of a key file RESULT=$(echo $ | sed -n "s/[[:space:]]*Key fingerprint = \(.*\)/\1/p" | tr -s '[:space:]') # If fingerprint matches Red Hat's release 2 or auxiliary key import the key if [[ $ ]] && ([[ $ = $ ]] || \ [[ $ = $ ]]) then rpm --import ${REDHAT_RELEASE_KEY} fi done fi fi

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31318
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30595


OVAL    2
oval:org.secpod.oval:def:31318
oval:org.secpod.oval:def:30595

© SecPod Technologies