[OpenIndiana-discuss] from the lost to the river

Alan Coopersmith alan.coopersmith at oracle.com
Wed Oct 3 13:58:58 UTC 2012


On 10/ 3/12 02:25 AM, David Halko wrote:
> SVR4 packages include the ability to perform integrity checks of the
> installed package against an accepted manifest. This offers security
> checking options to ensure that scripts & binaries have proper permissions
> and have not been tampered with (i.e. viruses, worms, malware protection)
> while supporting volatile files (so security checks are not tripped up by
> config file changes, log file rotations, etc.) I am uncertain whether the
> newer IPS offers this level of post-install and lifecycle integrity
> checking, since I never needed to audit a Solaris 11 / Illumos production
> platform.

It does, including options for checking of cryptographic signatures of the
manifest data, if the IPS package provider signed them.

http://docs.oracle.com/cd/E19963-01/html/820-6572/gkkos.html

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc



More information about the OpenIndiana-discuss mailing list