troubleshooting Question

GPG keys configuration for RHEL7: what's best practice?

Avatar of sunhux
sunhux asked on
LinuxOS Security
3 Comments1 Solution114 ViewsLast Modified:
CIS RHEL7 doc recommends 1.2.3 GPG keys are configured according to site policy.

What's the best practice?

On my RHEL7, got the following, is it best-practice/compliant?
$ rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
gpg-pubkey-fd431d51-4ae0493b --> gpg(Red Hat, Inc. (release key 2) <security@redhat.com>)
gpg-pubkey-2fa658e0-45700c69 --> gpg(Red Hat, Inc. (auxiliary key) <security@redhat.com>)
gpg-pubkey-7668xxxx-58axxxxx --> gpg(Docker Release (EE rpm) <docker@docker.com>)
ASKER CERTIFIED SOLUTION
David Favor
Fractional CTO
Join our community to see this answer!
Unlock 1 Answer and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros