← Back to Solaris 11 x86 Security Technical Implementation Guide

V-219997

CAT II (Medium)

The system must verify that package updates are digitally signed.

Rule ID

SV-219997r854557_rule

STIG

Solaris 11 x86 Security Technical Implementation Guide

Version

V2R10

CCIs

SV-60755

Discussion

Digitally signed packages ensure that the source of the package can be identified.

Check Content

Determine what the signature policy is for pkg publishers:

# pkg property | grep signature-policy

Check that output produces:

signature-policy verify

If the output does not confirm that signature-policy verify is active, this is a finding.

Fix Text

The Software Installation Profile is required.

Configure the package system to ensure that digital signatures are verified.

# pfexec pkg set-property signature-policy verify