UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must verify that package updates are digitally signed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-47883 SOL-11.1-020020 SV-60755r1_rule Medium
Description
Digitally signed packages ensure that the source of the package can be identified.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2017-09-20

Details

Check Text ( C-50319r1_chk )
Determine what the signature policy is for pkg publishers:

# pkg property | grep signature-policy

Check that output produces:

signature-policy verify

If the output does not confirm that signature-policy verify is active, this is a finding.
Fix Text (F-51495r1_fix)
The Software Installation Profile is required.

Configure the package system to ensure that digital signatures are verified.

# pfexec pkg set-property signature-policy verify