Check: GEN008800
SUSE Linux Enterprise Server v11 for System z STIG:
GEN008800
(in versions v1 r12 through v1 r9)
Title
The system package management tool must cryptographically verify the authenticity of software packages during installation. (Cat III impact)
Discussion
To prevent the installation of software from unauthorized sources, the system package management tool must use cryptographic algorithms to verify the packages are authentic.
Check Content
Ensure that the suse-build-key package is installed and the build-key file exists:

# rpm -ql suse-build-key
# ls -l /usr/lib/rpm/gnupg/suse-build-key.gpg

Ensure that the value of the CHECK_SIGNATURES variable is set to "yes":

# grep -i check_signature /etc/sysconfig/security

If the /usr/lib/rpm/gnupg/suse-build-key.gpg file does not exist or CHECK_SIGNATURES is not set to "yes", this is a finding.
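The check above as one POSIX shell script (an added example, not part of the STIG): the key file and sysconfig paths are parameters so the logic can be exercised against sample files, and the `rpm -ql` step is treated as informational because the finding criteria are the key file and the variable value.

```shell
#!/bin/sh
# Added example (not from the STIG): automate the GEN008800 check.
# File paths are parameters so the logic can be run against sample files;
# the finding criteria are exactly the two conditions in the Check Content.

# Print the effective CHECK_SIGNATURES value from a sysconfig-style file.
# Commented lines are ignored, quotes and trailing comments are stripped,
# and the last assignment wins (as the shell would interpret the file).
check_signatures_value() {
    awk -F= '/^[ \t]*CHECK_SIGNATURES[ \t]*=/ {
        v = $2
        sub(/#.*/, "", v)                  # drop a trailing comment
        gsub(/^[ \t"]+|[ \t"]+$/, "", v)   # strip quotes and whitespace
        val = v
    } END { print val }' "$1"
}

# Return 0 when compliant and 1 for a finding, printing each reason.
# $1: path of the SUSE build key, $2: path of the sysconfig security file.
gen008800_check() {
    keyfile=${1:-/usr/lib/rpm/gnupg/suse-build-key.gpg}
    sysconfig=${2:-/etc/sysconfig/security}
    status=0

    if [ ! -f "$keyfile" ]; then
        echo "FINDING: $keyfile does not exist (is suse-build-key installed?)"
        status=1
    fi

    value=$(check_signatures_value "$sysconfig" 2>/dev/null || true)
    if [ "$value" != "yes" ]; then
        echo "FINDING: CHECK_SIGNATURES is '${value:-unset}' in $sysconfig, expected 'yes'"
        status=1
    fi

    if [ "$status" -eq 0 ]; then
        echo "GEN008800: compliant"
    fi
    return "$status"
}

# Check the live system when invoked as: sh gen008800.sh --live
if [ "${1:-}" = "--live" ]; then
    gen008800_check
fi
```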
Fix Text
Install the suse-build-key package from the vendor repository:

# rpm -Uvh suse-build-key-<current version>.noarch.rpm && SuSEconfig

Use the YaST System > "/etc/sysconfig Editor" module to set the value of the CHECK_SIGNATURES variable to "yes". It can be found by expanding the plus signs for System > Security > PolicyKit.
Additional Identifiers
Rule ID: SV-46080r2_rule
Vulnerability ID: V-22588
Group Title: GEN008800
CCIs
Number | Definition |
---|---|
CCI-000351 | The organization defines critical software programs that the information system will prevent from being installed if such software programs are not signed with a recognized and approved certificate. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |