All packages shipped by One Identity come with a signature. Signature verification depends on the platform:
- macOS packages are signed by an Apple developer certificate.
- Linux, FreeBSD, AIX, Solaris and HP-UX packages are signed with a PGP key.
  You can find the public key at pgp.mit.edu and at keyserver.ubuntu.com.
  To fetch the public key, use its id:
  gpg --keyserver <keyserver> --recv C5C4EC20AFB5B8E678085F81B161CD624417450C
  You can also find the same public key in the oneidentity_pgpkey.pub file. To import it, use the following command:
  gpg --import oneidentity_pgpkey.pub
To verify a package signature
- Download the public key.
- Verify the files.
  - For platforms with separate .sig file signatures, use gpg2:
    gpg --verify <file>.sig <file>
  - For rpm packages, import the public key into the rpm's database:
    gpg --export -a "C5C4EC20AFB5B8E678085F81B161CD624417450C" >pubkey
    rpm --import pubkey
    And verify with:
    rpm --checksig --verbose <file>
  - For Debian packages, use debsig-verify.
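A good result from gpg --verify only means that some key in the keyring made the signature, so a scripted check should also confirm which key it was. The following is an added example, not One Identity tooling: it pins the fingerprint given on this page by parsing gpg's --status-fd output. The function names and the script name are this example's own, and it assumes the published fingerprint appears as either the signing key or the primary key.

```shell
#!/bin/sh
# Added example, not One Identity tooling. Function names are this example's own.
# Fingerprint pinned from the key id shown on this page.
EXPECTED_FPR="C5C4EC20AFB5B8E678085F81B161CD624417450C"

# Reads `gpg --status-fd` lines on stdin. Succeeds only when a VALIDSIG line
# names the pinned fingerprint (as signing key, field 3, or as primary key,
# last field) and no line reports a bad, unverifiable, expired or revoked case.
signer_is_pinned() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_pkg <file>.sig <file>: run the detached-signature check and pin the signer.
verify_pkg() {
    # gpg's exit status is ignored on purpose; the status lines decide.
    status=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null) || true
    printf '%s\n' "$status" | signer_is_pinned "$EXPECTED_FPR"
}

# Command-line use (verify_pinned.sh is a made-up script name):
#   sh verify_pinned.sh <file>.sig <file>
if [ "$#" -eq 2 ]; then
    if verify_pkg "$1" "$2"; then
        echo "OK: $2 is signed by $EXPECTED_FPR"
    else
        echo "FAIL: $2 has no valid signature from $EXPECTED_FPR" >&2
        exit 1
    fi
fi
```
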
The first thing you must do is install and configure the host you want to use as your primary policy server.
Safeguard comes with a Preflight program that checks to see if your system meets the install requirements.
To check for installation readiness
- Log on as the root user.
- Change to the directory containing the qpm-server package for your specific platform.
For example, on a 64-bit Red Hat Linux, run:
# cd server/linux-x86_64
- To ensure that the pmpreflight command is executable, run:
# chmod 755 pmpreflight
- To verify your primary policy server host meets installation requirements, run:
# sh pmpreflight.sh --server
  Running pmpreflight.sh --server performs these tests:
  - Basic Network Conditions:
    - Hostname is configured
    - Hostname can be resolved
    - Reverse lookup returns its own IP
  - Safeguard Server Network Requirements:
    - Policy server port is available (TCP/IP port 12345)
  - Safeguard Prerequisites:
- Resolve any reported issues and rerun pmpreflight until all tests pass.
Safeguard uses TCP/IP to communicate with networked computers, so it is essential that you have TCP/IP correctly configured. If you cannot use programs such as ssh and ping to communicate between your computers, then TCP/IP is not working properly; consult your system administrator to find out why and make appropriate changes.
Ensure that your host has a statically assigned IP address and that your host name is not configured to the loopback IP address 127.0.0.1 in the /etc/hosts file.