AlmaLinux OS Foundation provides errata to inform users about available updates, including security issues and bug fixes, and their significance through analysis. Users can easily access this information by accessing our AlmaLinux security advisory portal, known as AlmaLinux Errata. More details on Errata and how to use it can be found on the AlmaLinux Errata Wiki page.
Additionally, AlmaLinux OS is present in the OSV database.
Errata in JSON format for 3rd party software integration:
Security Measures
Errata
GPG Keys
AlmaLinux OS Foundation signs all of its software packages using a GPG signature key, which is verified by default when installing packages via dnf or graphical update tools. If a package is not signed or has an invalid signature, dnf or graphical update tools will warn the user and will refuse to install it.
It’s recommended to verify the signature of a package before you install it.
AlmaLinux OS 10 / AlmaLinux OS Kitten 10
AlmaLinux OS 10 / AlmaLinux OS Kitten 10 rsa4096/DEE5C11CC2A1E572 (2024-07-11): AlmaLinux OS 10 <packager@almalinux.org> Location: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10 Download: AlmaLinux Download: pgp.mit.edu
EE6D B7B9 8F5B F5ED D9DA 0DE5 DEE5 C11C C2A1 E572
AlmaLinux OS 9
rsa4096/D36CB86CB86B3716 (2022-01-18): AlmaLinux OS 9 <packager@almalinux.org> Location: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 Download: AlmaLinux Download: pgp.mit.eduBF18 AC28 7617 8908 D6E7 1267 D36C B86C B86B 3716
AlmaLinux OS 8 #1
* Expired but remains a trusted key.
5E9B 8F56 17B5 066C E920 57C3 488F CF7C 3ABB 34F8
AlmaLinux OS 8 #2
rsa4096/2AE81E8ACED7258B (2023-10-10): AlmaLinux OS 8 <packager@almalinux.org> Location: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux Download: AlmaLinux Download: pgp.mit.eduBC5E DDCA DF50 2C07 7F15 8288 2AE8 1E8A CED7 258B
ELevate
rsa4096/429785E181B961A5 (2021-08-20): ELevate <packager@almalinux.org> Location: /etc/pki/rpm-gpg/RPM-GPG-KEY-ELevate Download: AlmaLinux Download: pgp.mit.edu74E7 F249 EE69 8A4D ACFB 48C8 4297 85E1 81B9 61A5
Security Mailing List
To receive security updates and errata, users can sign up for the AlmaLinux Security Mailing List. Subscribing to the list will allow users to stay informed and updated on any security fixes as soon as they are available.
OpenSCAP and SCAP Workbench
The Security Content Automation Protocol (SCAP) automates vulnerability management, measurement, and policy compliance evaluation of systems. AlmaLinux OS offers an OpenSCAP Guide that instructs on how to use the OpenSCAP and SCAP Workbench to audit your AlmaLinux system security compliance.
AlmaLinux OS also has the availability of the CIS Benchmark.
OVAL
The Open Vulnerability and Assessment Language (OVAL), offers publicly accessible security information. This includes AlmaLinux OS 8 and 9, which have available public OVAL streams.
You can find more about OVAL Streams on the AlmaLinux OVAL Wiki Page.
SBOM
The Software Bill of Materials (SBOM) provides a comprehensive list of third-party and open-source components in a codebase, including version numbers, licensing information, and potential vulnerabilities.
AlmaLinux Build System已将SBOM实施到其管道中,以实现安全目的,例如跟踪构建过程,使其更加安全,并降低数据损坏的风险。
阅读详情
about SBOM integration in AlmaLinux.
AlmaLinux OS also provides
AlmaLinux SBOM User Guide
Secure Boot
Secure Boot is a security feature that ensures a system boots only with trusted software, preventing the loading of unauthorized operating systems or software that could potentially compromise the system's integrity.
AlmaLinux provides Secure Boot support starting with the AlmaLinux 8.4 release.
AlmaLinux shim passes the official review and is signed by Microsoft.
AlmaLinux shim trusts 3 certificates:
almalinux-sb-cert-1.der
* Expired but remains a trusted key.
almalinux-sb-cert-2.der
* Expired but remains a trusted key.
