SV-216283r603267_rule
V-216283
SRG-OS-000257
SOL-11.1-020040
CAT II
10
The Software Installation Profile is required.
Configure the package system to ensure that digital signatures are verified.
# pfexec pkg set-property signature-policy verify
Check that package permissions are configured per vendor requirements.
# pfexec pkg verify
If any errors are reported unrelated to STIG changes, use:
# pfexec pkg fix
to bring configuration settings and permissions into factory compliance.
The Software Installation Profile is required.
Determine what the signature policy is for pkg publishers:
# pkg property | grep signature-policy
Check that output produces:
signature-policy verify
If the output does not confirm that signature-policy verify is active, this is a finding.
Check that package permissions are configured and signed per vendor requirements.
# pkg verify
If the command produces any output unrelated to STIG changes, this is a finding.
There is currently a Solaris 11 bug 16267888 which reports pkg verify errors for a variety of python packages. These can be ignored.
V-216283
False
SOL-11.1-020040
The Software Installation Profile is required.
Determine what the signature policy is for pkg publishers:
# pkg property | grep signature-policy
Check that output produces:
signature-policy verify
If the output does not confirm that signature-policy verify is active, this is a finding.
Check that package permissions are configured and signed per vendor requirements.
# pkg verify
If the command produces any output unrelated to STIG changes, this is a finding.
There is currently a Solaris 11 bug 16267888 which reports pkg verify errors for a variety of python packages. These can be ignored.
M
4022