Linux Agent RPM not signed?

During a recent InfoSec scan we noticed that the swiagent isn't showing signed. Anyone else notice this? Reaching out to support hasn't helped with this issue since they are saying it's self-signed, but it's not showing that.

Command: [root@{SERVERNAME} ~]# rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGPGP:pgpsig}\n' |egrep 'none\)$' | grep -v gpg-pubkey

returns: swiagent~2020.2.5.2593~242356f~(none)

Find more posts tagged with

Linux

orion installer

Agent

Accepted answers

aLTeReGo

There is an open feature request for this located at the link below. Unfortunately, support was mistaken and you are correct. Orion's Linux Agent RPMs are not self-signed, or signed in any way currently.

https://thwack.solarwinds.com/product-forums/server-application-monitor-sam/i/feature-requests/create-gpg-key-for-linux-agent

All comments

aLTeReGo

https://thwack.solarwinds.com/product-forums/server-application-monitor-sam/i/feature-requests/create-gpg-key-for-linux-agent

msites

Upvoted, but given todays security landscape, this seems like something that should be implemented sooner rather than later? It looks like it's a feature request from 2017.