{"description": "To ensure the system can cryptographically verify base software\npackages come from Oracle (and to connect to the Unbreakable Linux Network to\nreceive them), the Oracle GPG key must be properly installed.\nTo install the Oracle GPG key, run:\n<pre>$ sudo uln_register</pre>\nIf the system is not connected to the Internet,\nthen install the Oracle GPG key from trusted media such as\nthe Oracle installation CD-ROM or DVD. Assuming the disc is mounted\nin <tt>/media/cdrom</tt>, use the following command as the root user to import\nit into the keyring:\n<pre>$ sudo rpm --import /media/cdrom/RPM-GPG-KEY-oracle</pre>\n\nAlternatively, the key may be pre-loaded during the Oracle installation. In\nsuch cases, the key can be installed by running the following command:\n<pre>sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle</pre>", "rationale": "Changes to software components can have significant effects on the\noverall security of the operating system. This requirement ensures\nthe software has not been tampered with and that it has been provided\nby a trusted vendor.\nThe Oracle GPG key is necessary to\ncryptographically verify packages are from Oracle.", "severity": "high", "references": {"cis-csc": ["11", "2", "3", "9"], "cobit5": ["APO01.06", "BAI03.05", "BAI06.01", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS06.02"], "isa-62443-2009": ["4.3.4.3.2", "4.3.4.3.3", "4.3.4.4.4"], "isa-62443-2013": ["SR 3.1", "SR 3.3", "SR 3.4", "SR 3.8", "SR 7.6"], "iso27001-2013": ["A.11.2.4", "A.12.1.2", "A.12.2.1", "A.12.5.1", "A.12.6.2", "A.14.1.2", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4"], "nist": ["CM-5(3)", "SI-7", "SC-12", "SC-12(3)", "CM-6(a)", "CM-11(a)", "CM-11(b)"], "nist-csf": ["PR.DS-6", "PR.DS-8", "PR.IP-1"], "pcidss": ["Req-6.2"], "anssi": ["R59"]}, "control_references": {"anssi": ["R59"]}, "components": [], "identifiers": {}, "ocil_clause": "the Oracle GPG Key is not installed", "ocil": "To ensure that the GPG key is installed, run:\n<pre>$ rpm -q --queryformat \"%{SUMMARY}\\n\" gpg-pubkey</pre>\nThe command should return the string below:\n<pre>gpg(Oracle OSS group (Open Source Software group) &lt;build@oss.oracle.com&gt;</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure Oracle Linux GPG Key Installed", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/updating/ensure_oracle_gpgkey_installed/rule.yml", "template": null}