
The system must verify that package updates are digitally signed.


Overview

Finding ID: V-219969
Version: SOL-11.1-020020
Rule ID: SV-219969r854532_rule
IA Controls:
Severity: Medium
Description
Digitally signed packages ensure that the source of the package can be identified.
STIG: Solaris 11 SPARC Security Technical Implementation Guide
Date: 2022-11-18

Details

Check Text (C-21679r370931_chk)
Determine what the signature policy is for pkg publishers:

# pkg property | grep signature-policy

Check that output produces:

signature-policy verify

If the output does not confirm that signature-policy verify is active, this is a finding.
Fix Text (F-21678r370932_fix)
The Software Installation Profile is required.

Configure the package system to ensure that digital signatures are verified.

# pfexec pkg set-property signature-policy verify
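
The Check Text above relies on reading grep output by eye. As an added example (not part of the STIG), the script below applies the same pass/fail rule with an exact field match so it can run unattended. The function names and the sample `pkg property` outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate `pkg property` output against the Check Text rule.
# Input is read from stdin, so the logic can be exercised without an IPS image.

# Print the value of the signature-policy image property, or nothing if the
# property is absent. The property name is compared as a whole field, so a
# line that merely contains the string "signature-policy" does not match.
signature_policy_value() {
    awk '$1 == "signature-policy" { print $2; exit }'
}

# Return 0 only when the policy is exactly "verify"; anything else, including
# a missing property, is reported as a finding (return 1).
check_signature_policy() {
    policy=$(signature_policy_value)
    if [ "$policy" = "verify" ]; then
        echo "PASS: signature-policy is verify"
        return 0
    fi
    echo "FINDING: signature-policy is '${policy:-unset}', expected 'verify'"
    return 1
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_COMPLIANT='PROPERTY                       VALUE
ca-path                        /etc/openssl/certs
signature-policy               verify'

SAMPLE_FINDING='PROPERTY                       VALUE
ca-path                        /etc/openssl/certs
signature-policy               ignore'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_COMPLIANT" | check_signature_policy
printf '%s\n' "$SAMPLE_FINDING" | check_signature_policy || true

# On a live Solaris 11 host the same check is:
#   pkg property | check_signature_policy
```

The non-zero exit status on a finding lets a scheduled job or configuration-management run flag the host without parsing the message text.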