On 10/ 3/12 02:25 AM, David Halko wrote: > SVR4 packages include the ability to perform integrity checks of the > installed package against an accepted manifest. This offers security > checking options to ensure that scripts & binaries have proper permissions > and have not been tampered with (i.e. viruses, worms, malware protection) > while supporting volatile files (so security checks are not tripped up by > config file changes, log file rotations, etc.) I am uncertain whether the > newer IPS offers this level of post-install and lifecycle integrity > checking, since I never needed to audit a Solaris 11 / Illumos production > platform.
It does, including options for checking of cryptographic signatures of the manifest data, if the IPS package provider signed them. http://docs.oracle.com/cd/E19963-01/html/820-6572/gkkos.html -- -Alan Coopersmith- [email protected] Oracle Solaris Engineering - http://blogs.oracle.com/alanc _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
