All packages shipped by (Undefined variable: General.vendor) come with a signature. Signature verification depends on the platform:
-
MacOS packages are signed by an Apple developer certificate.
-
Linux, FreeBSD, AIX, Solaris and HP-UX packages are signed with a PGP key.
You can find the public key at pgp.mit.edu and at keyserver.ubuntu.com.
To fetch the public key, use its id:
gpg --keyserver <keyserver> --recv C5C4EC20AFB5B8E678085F81B161CD624417450C
You can also find the same public key in the oneidentity_pgpkey.pub file. To import it, use the following command:
gpg --import oneidentity_pgpkey.pub
To verify package signature
-
Download the public key.
-
Verify the files.
-
For platforms with separate .sig file signatures, use gpg2:
gpg --verify <file>.sig <file>
-
For rpm packages, import the public key into the rpm's database:
gpg --export -a "C5C4EC20AFB5B8E678085F81B161CD624417450C" >pubkey
rpm --import pubkey
And verify with:
rpm --checksig --verbose <file>
-
For debian packages, use debsig-verify.
The first thing you must do is install and configure the host you want to use as your primary policy server.
Safeguard comes with a Preflight program that checks to see if your system meets the install requirements.
To check for installation readiness
- Log on as the root user.
- Change to the directory containing the qpm-server package for your specific platform.
For example, on a 64-bit Red HatLinux, run:
# cd server/linux-x86_64
- Check if the pmpreflight command is executable. If it is not, run:
# chmod 755 pmpreflight
- To verify your primary policy server host meets installation requirements, run:
# sh pmpreflight.sh --server
NOTE: The pmpreflight.sh shell script is not in the same directory as the pmpreflight binary. It is directly under the 7.2.2 directory. The user needs to change directory before running the script.
Running pmpreflight.sh --server performs these tests:
- Basic Network Conditions:
- Hostname is configured
- Hostname can be resolved
- Reverse lookup returns its own IP
- Safeguard Server Network Requirements:
- Policy server port is available (TCP/IP port 12345)
- Safeguard Prerequisites:
- Resolve any reported issues and rerun pmpreflight until all tests pass.
Safeguard uses TCP/IP to communicate with networked computers, so it is essential that you have TCP/IP correctly configured. If you cannot use programs such as ssh and ping to communicate between your computers, then TCP/IP is not working properly; consult your system administrator to find out why and make appropriate changes.
Ensure that your host has a statically assigned IP address and that your host name is not configured to the loopback IP address 127.0.0.1 in the /etc/hosts file.