Ensure Oracle Linux GPG Key Installed
An XCCDF Rule
Description
To ensure the system can cryptographically verify base software packages come from Oracle (and to connect to the Unbreakable Linux Network to receive them), the Oracle GPG key must properly be installed. To install the Oracle GPG key, run:
$ sudo uln_registerIf the system is not connected to the Internet, then install the Oracle GPG key from trusted media such as the Oracle installation CD-ROM or DVD. Assuming the disc is mounted in
/media/cdrom
, use the following command as the root user to import
it into the keyring:
$ sudo rpm --import /media/cdrom/RPM-GPG-KEY-oracleAlternatively, the key may be pre-loaded during the Oracle installation. In such cases, the key can be installed by running the following command:
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
Rationale
Changes to software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor. The Oracle GPG key is necessary to cryptographically verify packages are from Oracle.
- ID
- xccdf_org.ssgproject.content_rule_ensure_oracle_gpgkey_installed
- Severity
- High
- References
- Updated
Remediation - Shell Script
# OL fingerprints below retrieved from: https://linux.oracle.com/security/gpg/#gpg
readonly OL_RELEASE_FINGERPRINT="42144123FECFC55B9086313D72F97B74EC551F03"
readonly OL_AUXILIARY_FINGERPRINT=""
FINGERPRINTS_REGEX="${OL_RELEASE_FINGERPRINT}"