dockeruser
/
almalinux.org
mirror of https://github.com/AlmaLinux/almalinux.org.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1938 Commits
18 Branches
0 Tags
457 MiB
 
 
 
 
 
 
Tree: 2a0dcffead
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2a0dcffead'
${ noResults }
almalinux.org/layouts/security/single.html

253 lines
17 KiB
Raw Blame History

{{ define "main" }}
<style>
@media (max-width: 1200px){
.items__01 {
word-wrap: break-word;
display:flex;
flex-direction: column;
}
.itemAl_02 {
padding-left: 0px!important;
}
.itemAl_04 {
padding-left: 0px!important;
}
.AL {
word-wrap: break-word;
display:flex;
flex-direction: column;
}
}
</style>
<div class="al-body-container">
<section class="al-page-index">
<div class="al-index-security-measures-container">
<div class="container al-py-lg">
<h1 class="pb-2 text-center">{{ i18n "Security Measures" }}</h1>
<div class="Errata-container" style="display: flex; flex-direction: column; padding: 40px 20px;">
<h2 class="pb-2 text-center border-bottom" style="border-bottom-color: #14598a!important;">Errata</h2>
<div class="al-article-content pb-3 al-wysiwyg" style="padding: 0px!important;">
<section>
<p>
{{ i18n "AlmaLinux OS Foundation provides errata to inform users about available updates, including security issues and bug fixes, and their significance through analysis. Users can easily access this information by accessing our AlmaLinux security advisory portal, known as " }}<a href="https://errata.almalinux.org/">{{ i18n "AlmaLinux Errata" }}</a>. {{ i18n "More details on Errata and how to use it can be found on the " }}<a href="https://wiki.almalinux.org/documentation/errata.html">{{ i18n "AlmaLinux Errata Wiki page" }}</a>. <br> {{ i18n "Additionally, AlmaLinux OS is present in the " }}<a href="https://github.com/AlmaLinux/osv-database">{{ i18n "OSV database" }}</a>.<br><br>
{{ i18n "Errata in JSON format for 3rd party software integration:" }}
</p>
<div class="AL" style="display: flex;">
<div class="itemAl_01" style="width: 300px;">
<b><a href="https://errata.almalinux.org/9/errata.full.json">{{ i18n "errata.full.json for AlmaLinux OS 9" }}</a></b>
</div>
<div class="itemAl_02">
<b><a href="https://errata.almalinux.org/8/errata.full.json">{{ i18n "errata.full.json for AlmaLinux OS 8" }}</a></b>
</div>
</div>
</section>
</div>
</div>
<div class="GPGKeys-container" style="display: flex; flex-direction: column; padding: 40px 20px;">
<h2 class="pb-2 text-center border-bottom" style="border-bottom-color: #14598a!important;">GPG Keys</h2>
<div class="al-article-content pb-3 al-wysiwyg" style="padding: 0px!important;">
<section>
<p>
{{ i18n "AlmaLinux OS Foundation signs all of its software packages using a GPG signature key, which is verified by default when installing packages via dnf or graphical update tools. If a package is not signed or has an invalid signature, dnf or graphical update tools will warn the user and will refuse to install it." }}<br>
{{ i18n "It’s recommended to verify the signature of a package before you install it." }}
</p>
<div class="AL" style="display: flex; justify-content: space-between;">
<div class="itemAl_01" style="display: flex; flex-direction: column;">
<h3>AlmaLinux OS 9</h3>
<span><b>rsa4096/D36CB86CB86B3716 (2022-01-18):</b></span>
<span>AlmaLinux OS 9 &lt;packager@almalinux.org&gt;</span>
<span><b>{{ i18n "Location:" }}</b> /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9</span>
<span><b>{{ i18n "Download:" }}</b> <a
href="https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-9">AlmaLinux</a></span>
<span><b>{{ i18n "Download:" }}</b> <a
href="https://pgp.mit.edu/pks/lookup?op=index&search=0xD36CB86CB86B3716">pgp.mit.edu</a></span>
<div class="container-locks"
style="display: flex; justify-content: flex-start; align-items: center; margin-top: 15px;">
<img class="Photo__Lock" style="width: 40px; height: 40px;" src="/images/alma-fingerprint-A.svg" />
<div style="display: flex; flex-direction: column;">
<p style="margin-left: 10px; font-family: monospace; font-size: 14px; color: #fff;">
BF18 AC28 7617 8908 D6E7 1267 D36C B86C B86B 3716
</p>
</div>
</div>
</div>
<div class="itemAl_04" style="display: flex; flex-direction: column;">
<h3>AlmaLinux OS 8 #2</h3>
<span><b>rsa4096/2AE81E8ACED7258B (2023-10-10):</b></span>
<span>AlmaLinux OS 8 &lt;packager@almalinux.org&gt;</span>
<span><b>{{ i18n "Location:" }}</b> /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux</span>
<span><b>{{ i18n "Download:" }}</b> <a
href="https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux">AlmaLinux</a></span>
<span><b>{{ i18n "Download:" }}</b> <a
href="https://pgp.mit.edu/pks/lookup?op=index&search=0x2AE81E8ACED7258B">pgp.mit.edu</a></span>
<div class="container-locks"
style="display: flex; justify-content: flex-start; align-items: center; margin-top: 15px;">
<img class="Photo__Lock" style="width: 40px; height: 40px;" src="/images/alma-fingerprint-A.svg" />
<div style="display: flex; flex-direction: column;">
<p style="margin-left: 10px; font-family: monospace; font-size: 14px; color: #fff;">
BC5E DDCA DF50 2C07 7F15 8288 2AE8 1E8A CED7 258B
</p>
</div>
</div>
</div>
</div>
<div class="AL" style="display: flex; justify-content: space-between;">
<div class="itemAl_03" style="display: flex; flex-direction: column;">
<h3>ELevate</h3>
<span><b>rsa4096/429785E181B961A5 (2021-08-20):</b></span>
<span>ELevate &lt;packager@almalinux.org&gt;</span>
<span><b>{{ i18n "Location:" }}</b> /etc/pki/rpm-gpg/RPM-GPG-KEY-ELevate</span>
<span><b>{{ i18n "Download:" }}</b> <a
href="https://repo.almalinux.org/elevate/RPM-GPG-KEY-ELevate">AlmaLinux</a></span>
<span><b>{{ i18n "Download:" }}</b> <a
href="https://pgp.mit.edu/pks/lookup?op=index&search=0x429785E181B961A5">pgp.mit.edu</a></span>
<div class="container-locks"
style="display: flex; justify-content: flex-start; align-items: center; margin-top: 15px;">
<img class="Photo__Lock" style="width: 40px; height: 40px;" src="/images/alma-fingerprint-A.svg" />
<div style="display: flex; flex-direction: column;">
<p style="margin-left: 10px; font-family: monospace; font-size: 14px; color: #fff;">
74E7 F249 EE69 8A4D ACFB 48C8 4297 85E1 81B9 61A5
</p>
</div>
</div>
</div>
<div class="itemAl_02" style="padding-left: 20px; display: flex; flex-direction: column;">
<div class="wrapper" style="display: flex;">
<h3>AlmaLinux OS 8 #1</h3>
<p class="valid_date" style="margin-top: 17px; font-size: 11px; font-weight: 700;">* {{ i18n "Expired but remains a trusted key." }}</p>
</div>
<span><b>rsa4096/488FCF7C3ABB34F8 (2021-01-12):</b></span>
<span>AlmaLinux &lt;packager@almalinux.org&gt;</span>
<span><b>{{ i18n "Location:" }}</b> /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux</span>
<span><b>{{ i18n "Download:" }}</b> <a
href="https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux">AlmaLinux</a></span>
<span><b>{{ i18n "Download:" }}</b> <a
href="https://pgp.mit.edu/pks/lookup?op=index&search=0x488FCF7C3ABB34F8">pgp.mit.edu</a></span>
<div class="container-locks"
style="display: flex; justify-content: flex-start; align-items: center; margin-top: 15px;">
<img class="Photo__Lock" style="width: 40px; height: 40px;" src="/images/alma-fingerprint-A.svg" />
<p style="margin-left: 10px; font-family: monospace; font-size: 14px; color: #fff;">
5E9B 8F56 17B5 066C E920 57C3 488F CF7C 3ABB 34F8
</p>
</div>
</div>
</div>
</section>
</div>
</div>
<div class="SecurityMailingList-container" style="display: flex; flex-direction: column; padding: 40px 20px;">
<h2 class="pb-2 text-center border-bottom" style="border-bottom-color: #14598a!important;">Security Mailing List</h2>
<div class="al-article-content pb-3 al-wysiwyg" style="padding: 0px!important;">
<section>
<p>
{{ i18n "To receive security updates and errata, users can sign up for the " }}
<a href="https://lists.almalinux.org/mailman3/lists/security.lists.almalinux.org/">{{ i18n "AlmaLinux Security Mailing List" }}</a>.
{{ i18n "Subscribing to the list will allow users to stay informed and updated on any security fixes as soon as they are available." }}
</p>
</section>
</div>
</div>
<div class="OpenSCAPandSCAPWorkbench-container" style="display: flex; flex-direction: column; padding: 40px 20px;">
<h2 class="pb-2 text-center border-bottom" style="border-bottom-color: #14598a!important;">OpenSCAP and SCAP Workbench</h2>
<div class="al-article-content pb-3 al-wysiwyg" style="padding: 0px!important;">
<section>
<p>
{{ i18n "The Security Content Automation Protocol (SCAP) automates vulnerability management, measurement, and policy compliance evaluation of systems. AlmaLinux OS offers an OpenSCAP Guide that instructs on how to use the OpenSCAP and SCAP Workbench to audit your AlmaLinux system security compliance." }}
</p>
<div class="AL" style="display: flex;">
<div class="itemAl_01" style="width: 300px;">
<b><a href="https://wiki.almalinux.org/documentation/openscap-guide-for-9.html">{{ i18n "OpenSCAP Guide for AlmaLinux OS 9" }}</a></b>
</div>
<div class="itemAl_02">
<b><a href="https://wiki.almalinux.org/documentation/openscap-guide.html">{{ i18n "OpenSCAP Guide for AlmaLinux OS 8" }}</a></b>
</div>
</div>
<p>
{{ i18n "AlmaLinux OS also has the availability of the CIS Benchmark." }}
</p>
</section>
</div>
</div>
<div class="OVAL-container" style="display: flex; flex-direction: column; padding: 40px 20px;">
<h2 class="pb-2 text-center border-bottom" style="border-bottom-color: #14598a!important;">OVAL</h2>
<div class="al-article-content pb-3 al-wysiwyg" style="padding: 0px!important;">
<section>
<p>
{{ i18n "The Open Vulnerability and Assessment Language (OVAL), offers publicly accessible security information. This includes AlmaLinux OS 8 and 9, which have available public OVAL streams." }}
</p>
<div class="AL" style="display: flex;">
<div class="itemAl_01" style="width: 300px;">
<b><a href="https://security.almalinux.org/oval/org.almalinux.alsa-9.xml">AlmaLinux OS 9</a></b>
</div>
<div class="itemAl_02">
<b><a href="https://security.almalinux.org/oval/org.almalinux.alsa-8.xml">AlmaLinux OS 8</a></b>
</div>
</div>
<p>
{{ i18n "You can find more about OVAL Streams on the " }}
<a href="https://wiki.almalinux.org/documentation/oval-streams.html">{{ i18n "AlmaLinux OVAL Wiki Page" }}</a>.
</p>
</section>
</div>
</div>
<div class="SBOM-container" style="display: flex; flex-direction: column; padding: 40px 20px;">
<h2 class="pb-2 text-center border-bottom" style="border-bottom-color: #14598a!important;">SBOM</h2>
<div class="al-article-content pb-3 al-wysiwyg" style="padding: 0px!important;">
<section>
<p>
{{ i18n "The Software Bill of Materials (SBOM) provides a comprehensive list of third-party and open-source components in a codebase, including version numbers, licensing information, and potential vulnerabilities." }}
{{ i18n "AlmaLinux Build System has implemented SBOM into its pipeline for security purposes, such as tracing the build process, making it more secure, and reducing the risk of data corruption. " }}
<a href="{{ "sbom" | relLangURL }}">{{ i18n "Read more" }}</a>
{{ i18n "about SBOM integration in AlmaLinux." }}<br>
{{ i18n "AlmaLinux OS also provides " }}
<a href="https://wiki.almalinux.org/documentation/sbom-guide.html">{{ i18n "AlmaLinux SBOM User Guide" }}</a>
</p>
</section>
</div>
</div>
<div class="SecureBoot-container" style="display: flex; flex-direction: column; padding: 40px 20px;">
<h2 class="pb-2 text-center border-bottom" style="border-bottom-color: #14598a!important;">Secure Boot</h2>
<div class="al-article-content pb-3 al-wysiwyg" style="padding: 0px!important;">
<section>
<p>
{{ i18n "Secure Boot is a security feature that ensures a system boots only with trusted software, preventing the loading of unauthorized operating systems or software that could potentially compromise the system's integrity." }}
<br>{{ i18n "AlmaLinux provides Secure Boot support starting with the AlmaLinux 8.4 release." }}
<br>{{ i18n "AlmaLinux shim passes the " }}<a href="https://github.com/AlmaLinux/shim-review">{{ i18n "official review" }}</a> {{ i18n "and is signed by Microsoft." }} <br>
<br>{{ i18n "AlmaLinux shim trusts 3 certificates:" }}
</p>
<div class="AL" style="display: flex; justify-content: space-between">
<div class="itemAl_01" style="display: flex; flex-direction: column;">
<div class="wrapper" style="display: flex;">
<h3><a href="https://git.almalinux.org/rpms/shim-unsigned-x64/raw/branch/a8/SOURCES/almalinux-sb-cert-1.der">almalinux-sb-cert-1.der</a></h3>
<p class="valid_date" style="margin-top: 17px; font-size: 11px; font-weight: 700;">* Expired but remains a trusted key.</p>
</div>
<span><b>{{ i18n "Signed for:" }}</b> AlmaLinux OS Foundation</span>
<span><b>{{ i18n "Verified by:" }}</b> Sectigo Public Code Signing CA EV R36</span>
<span><b>{{ i18n "Expired:" }}</b> 30.01.2025</span>
</div>
<div class="itemAl_02" style="display: flex; flex-direction: column;">
<div class="wrapper" style="display: flex;">
<h3><a href="https://git.almalinux.org/rpms/shim-unsigned-x64/raw/branch/a8/SOURCES/almalinux-sb-cert-2.der">almalinux-sb-cert-2.der</a></h3>
<p class="valid_date" style="margin-top: 17px; font-size: 11px; font-weight: 700;">* Expired but remains a trusted key.</p>
</div>
<span><b>{{ i18n "Signed for:" }}</b> AlmaLinux OS Foundation</span>
<span><b>{{ i18n "Verified by:" }}</b> SSL.com EV Code Signing Intermediate CA RSA</span>
<span><b>{{ i18n "Expired:" }}</b> 19.01.2025</span>
</div>
<div class="itemAl_03" style="display: flex; flex-direction: column;">
<h3><a href="https://git.almalinux.org/rpms/shim-unsigned-x64/raw/branch/a8/SOURCES/almalinux-sb-cert-3.der">almalinux-sb-cert-3.der</a></h3>
<span><b>{{ i18n "Signed for:" }}</b> AlmaLinux Secure Boot CA</span>
<span><b>{{ i18n "Verified by:" }}</b> AlmaLinux Secure Boot CA</span>
<span><b>{{ i18n "Expires:" }}</b> 14.03.2034</span>
</div>
</div>
</section>
</div>
</div>
</div>
</div>
</section>
</div>
{{ end }}