Correct, we do list MD5s for the Vuln Catalog update and for the WAU tgz itself in prior versions of the wau-readme. I thought that you were asking about MD5 sums for each individual DSM, which have not existed for quite some time. I'm not sure why the [autoupdate file] name and MD5 are missing as you pointed out. You are correct as the sum for the overall tgz was previously listed, but in the last two releases it was not. I'll ask about this, but the big picture has to do with RPMs being signed and checked at install. I talked to our Product Security team about this, as I do not think RPM signing is written up anywhere, to see if we can create a tech note on the topic for users. As we just released a code signing script update for SFS/ISO files, I asked why we don't list .sig files for individual RPMs. This is because each RPM file is internally signed and checked at install, which is the reason why we don't post public .sig or .cosign files for RPMs like we do for SFS, ISOs, and scripts.
------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com
------------------------------
Original Message:
Sent: Wed August 02, 2023 02:44 AM
From: Corine Ross
Subject: autoupdate package on Fix Central
Jonathan, thanks for your response. Always detailed and very much appreciated. I will upload a couple of wau-readme.(date).txt files that were downloaded in June 2023 which include the md5sum. I noticed in July the recently downloaded wau-readme.(date).txt file no longer included the md5sum. Given that the rpm is code signed and verified during the yum install, it is not required to verify md5sum. That works for me. Thanks again for your response.
------------------------------
Corine Ross
Original Message:
Sent: Tue August 01, 2023 04:49 PM
From: Jonathan Pechta
Subject: autoupdate package on Fix Central
All files delivered and packaged within the RPM installer for QRadar are code-signed. Each RPM file that is installed through a weekly auto update or manually gets checked internally during the yum install to confirm that the file is code signed or it will not install on the Console. I looked back through my notes and I don't think the WAU files have included an MD5 sum in over a year. I'm not sure if we have any support articles on how RPM signing works, but all files are code-signed per IBM standard.
For example, these were my WAU notes from Oct 26, 2022 and none of the files display an MD5 in the text file.
[DSM]
PROTOCOL-SNMP-7.4-20220928225439.noarch.rpm
PROTOCOL-SNMP-7.5-20220928225435.noarch.rpm
DSM-IBMSecurityReaQta-7.4-20221020164954.noarch.rpm
DSM-IBMSecurityReaQta-7.5-20221020164951.noarch.rpm
PROTOCOL-IBMSecurityReaQtaRESTAPI-7.4-20221019191411.noarch.rpm
PROTOCOL-IBMSecurityReaQtaRESTAPI-7.5-20221019191405.noarch.rpm
PROTOCOL-MicrosoftGraphSecurityAPI-7.5-20220930123930.noarch.rpm
PROTOCOL-MicrosoftGraphSecurityAPI-7.4-20220930123923.noarch.rpm
DSM-MicrosoftWindowsDefenderATP-7.4-20220928095606.noarch.rpm
DSM-MicrosoftWindowsDefenderATP-7.5-20220926180023.noarch.rpm
I might need to dig deeper to find out more, but the MD5 sums have not been part of the wau-readme.{date}.txt file for a while.
------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com
Original Message:
Sent: Tue August 01, 2023 03:07 AM
From: Corine Ross
Subject: autoupdate package on Fix Central
The autoupdate packages on Fix Central included a wau-readme file. The wau-readme file in the past included an md5sum value to verify the autoupdate*.tgz file integrity. The wau-readme file no longer provides an md5sum for the autoupdate*.tgz file. QRadar is deployed in an air-gapped environment with no internet access. Is there a reason that the wau-readme no longer includes the md5sum for the autoupdate*.tgz? There is no Linux system that has internet access.
------------------------------
Corine Ross
------------------------------