AlmaLinux 9.4 and AlmaLinux 8.10 are both stable! Checkout AlmaLinux OS 9.4 Stable und AlmaLinux OS 8.10 Stable for more information!

Sicherheitsmaßnahmen

Errata

AlmaLinux OS Foundation provides errata to inform users about available updates, including security issues and bug fixes, and their significance through analysis. Users can easily access this information by accessing our AlmaLinux security advisory portal, known as AlmaLinux Errata. Mehr Details zu Errata und wie man es verwendet, finden Sie auf der AlmaLinux Errata Wikiseite.
Weiters findet man AlmaLinux OS in der OSV Datenbank.

Errata im JSON-Format für Third-Party Softwareintegration:

GPG Keys

AlmaLinux OS Foundation signs all of its software packages using a GPG signature key, which is verified by default when installing packages via dnf or graphical update tools. If a package is not signed or has an invalid signature, dnf or graphical update tools will warn the user and will refuse to install it.
Es wird empfohlen, die Signatur eines Pakets vor dem Installieren zu verifizieren.

AlmaLinux OS 9

rsa4096/D36CB86CB86B3716 (2022-01-18): AlmaLinux OS 9 <packager@almalinux.org> Ort: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 Download: AlmaLinux Download: pgp.mit.edu

BF18 AC28 7617 8908 D6E7 1267 D36C B86C B86B 3716

AlmaLinux OS 8

rsa4096/488FCF7C3ABB34F8 (2021-01-12): AlmaLinux <packager@almalinux.org> Ort: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux Download: AlmaLinux Download: pgp.mit.edu

5E9B 8F56 17B5 066C E920 57C3 488F CF7C 3ABB 34F8


rsa4096/2AE81E8ACED7258B (2023-10-10): AlmaLinux OS 8 <packager@almalinux.org> Ort: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux Download: AlmaLinux Download: pgp.mit.edu

BC5E DDCA DF50 2C07 7F15 8288 2AE8 1E8A CED7 258B

Security Mailing List

Um Sicherheitsupdates und Errata zu erhalten, können sich User eintragen für die AlnaLinux Security Mailingliste. Subscribing to the list will allow users to stay informed and updated on any security fixes as soon as they are available.

OpenSCAP and SCAP Workbench

The Security Content Automation Protocol (SCAP) automates vulnerability management, measurement, and policy compliance evaluation of systems. AlmaLinux OS offers an OpenSCAP Guide that instructs on how to use the OpenSCAP and SCAP Workbench to audit your AlmaLinux system security compliance.

AlmaLinux OS also has the availability of the CIS Benchmark.

OVAL

The Open Vulnerability and Assessment Language (OVAL), offers publicly accessible security information. This includes AlmaLinux OS 8 and 9, which have available public OVAL streams.

Sie finden mehr Informationen über OVAL Streams auf der AlmaLinux OVAL Wikiseite.

SBOM

The Software Bill of Materials (SBOM) provides a comprehensive list of third-party and open-source components in a codebase, including version numbers, licensing information, and potential vulnerabilities. AlmaLinux Build System has implemented SBOM into its pipeline for security purposes, such as tracing the build process, making it more secure, and reducing the risk of data corruption. Mehr lesen about SBOM integration in AlmaLinux.
AlmaLinux OS also provides AlmaLinux SBOM User Guide

Secure Boot

Secure Boot is a security feature that ensures a system boots only with trusted software, preventing the loading of unauthorized operating systems or software that could potentially compromise the system's integrity.
AlmaLinux bietet Support für Secure Boot beginnend mit dem Release von AlmaLinux 8.4.
AlmaLinux shim passes the Offizielle Review und ist signiert von Microsoft.

AlmaLinux shim trusts 3 certificates:

almalinux-sb-cert-1.der

Signiert für: AlmaLinux OS Foundation Geprüft von: Sectigo Public Code Signing CA EV R36 Gültig bis: 30.01.2025

almalinux-sb-cert-2.der

Signiert für: AlmaLinux OS Foundation Geprüft von: SSL.com EV Code Signing Intermediate CA RSA Gültig bis: 19.01.2025

almalinux-sb-cert-3.der

Signiert für: AlmaLinux Secure Boot CA Geprüft von: AlmaLinux Secure Boot CA Gültig bis: 14.03.2034