Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22588 | GEN008800 | SV-46080r1_rule | ECSC-1 | Low |
Description |
---|
To prevent the installation of software from unauthorized sources, the system package management tool must use cryptographic algorithms to verify the packages are authentic. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2012-12-13 |
Check Text ( C-43338r1_chk ) |
---|
Ensure that the suse-build-key package is installed and the build-key file exists: # rpm –ql suse-build-key # ls –l /usr/lib/rpm/gnupg/suse-build-key.gpg Ensure that the value of the CHECK_SIGNATURES variable is set to “yes” # grep –I check_signature /etc/sysconfig/security If the /usr/lib/rpm/gnupg/suse-build-key.gpg file does not exist or CHECK_SIGNATURES is not set to “yes”, this is a finding. |
Fix Text (F-39426r2_fix) |
---|
Install the suse-build-key package from the vendor repository # rpm –Uvh suse-build-key- Use the YaST System > “/etc/sysconfig Editor” module to set the value of the CHECK_SIGNATURES variable to “yes”. It can be found by expanding the plus signs for System > Security > PolicyKit |