Security bulletins, Validating rpm signatures, Checking which public keys are installed – HP Systems Insight Manager User Manual

mxglobalsettings -s ANNOTATION_SIGN_IN_PAGE_HTML=alwayson.company.com
mxglobalsettings -s "ANNOTATION_BANNER_HTML=- alwayson.company.com"
mxglobalsettings -s "ANNOTATION_BROWSER_TITLE_TEXT=- alwayson.company.com"

Security bulletins

HP software products contain multiple third-party components, such as OpenSSL. HP discloses that
the non-HP owned software components listed in the HP Systems Insight Manager end user license
agreement (EULA) are included with HP Systems Insight Manager.
To view the EULA, use a text editor to open the eula_license.xml file, and search for
third-party software

.

HP addresses security bulletins for the software components listed in the EULA with the same level
of support afforded HP products. HP is committed to reducing security defects and helping you
mitigate the risks associated with security defects when they do occur.
HP has a well defined process when a security defect is found that culminates with the publication
of a security bulletin. The security bulletin provides you with a high level description of the problem
and explains how to mitigate the security defect.

Procedure 37 Subscribing to security bulletins

1.

Open a browser to the HP home page:

http://www.hp.com

2.

Click the Support & Drivers tab.

3.

Click Sign up: driver, support, & security alerts, which appears under Additional Resources
in the right navigation pane.

4.

Select Business & IT Professionals to open the Subscriber's Choice web page.

5.

Do one of the following:

•

Sign in if you are a registered customer.

•

Enter your email address to sign-up now. Select Driver and Support alerts and click
Continue.

Validating RPM signatures

The RPMs for Systems Insight Manager for Linux are digitally signed with HP's official private key.
You can use the rpm-hpPublicKey.pub provided with the Systems Insight Manager's Linux
distribution or go to the official HP website to download HP's public code signing key.

Checking which public keys are installed

Check which public keys are installed on your system with the following command:

# rpm -q grep-pubkey

Where grep-pubkey finds all the public keys installed on the system.
Alternatively, you can use the rpm -qi command to show more details about the certificates.
The following procedure installs HP's code signing public key.

# rpm --import rpm-hpPublicKey.pub

Validate the signature on an RPM

Use the rpm  -checksig" command to validate and verify the digital signature of an RPM. The
output from the command indicates whether or not the RPM is correctly signed, as shown in the
example below:

# rpm --checksig <hpsimrpm>

148

Important Notes