The Linux sensor, version 7.1 and later, lets you verify the sensor install files before you install the sensor.
Manifest files are added as part of CarbonBlackClientSetup-linux-<version>.tgz and CarbonBlackSensorUpgrader-linux-<version>.tar.gz. These packages come with manifest.sha256 and manifest.sha256.asc.
Procedure
- Copy the following text to a file named public.asc:
- Verify manifest.sha256 by running the following command:
gpg --verify manifest.sha256.asc manifest.sha256
- Use sha256sum to check each package and compare it with the checksum in manifest.sha256. For example, the content of manifest.sha256 of CarbonBlackSensorUpgrader-linux-v7.1.0.98326.tar.gz is:
ed53fa7a980342af5fcad5a5e8f2bfbdbf2f1c30fe3f8d4b8a93d8465a563bee pkgs/cbsensor-7.1.0.98326.x86_64.rpm
873c9e00fa713c8b242ef1aa8ae0316c75794980db81bc9161f17af4bf208770 pkgs/cbsysd-7.1.0.98326.x86_64.rpm
6220d0fd87bb92dd562148244948b43ec7d0de00bab68abb82caadcaaf5b41bf pkgs/cbsensor-7.1.0.98326.amd64.deb
38f7df9087a530b103d245a9b88c7b7648f934f0be98542ef677ebedc4cebe63 pkgs/cbsysd-7.1.0.98326.amd64.deb
a70bac0e80e51ffbe6386deb62754064af0560c4a0fda233a91fe736d475c4c9 upgrade.sh
Run the following command:
sha256sum pkgs/cbsensor-7.1.0.98326.x86_64.rpm
to achieve the following result:
ed53fa7a980342af5fcad5a5e8f2bfbdbf2f1c30fe3f8d4b8a93d8465a563bee pkgs/cbsensor-7.1.0.98326.x86_64.rpm
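
The procedure above as one script, added here as an example and not part of the vendor's documentation: it checks the manifest signature against only the key in public.asc, imported into a temporary GnuPG home, and then recomputes the SHA-256 of every manifest entry instead of a single package. The function names and the location of public.asc beside the manifest files are assumptions.

```sh
# Added example (not vendor code). Assumes public.asc sits beside the
# manifest files in the extracted package directory.

# Check the detached signature using only the key from public.asc: a
# throwaway GnuPG home stops other keys in your keyring from satisfying it.
verify_signature() {
    local dir home rc
    dir=$1
    home=$(mktemp -d) || return 1
    gpg --homedir "$home" --batch --quiet --import "$dir/public.asc" &&
        gpg --homedir "$home" --batch --verify \
            "$dir/manifest.sha256.asc" "$dir/manifest.sha256"
    rc=$?
    rm -rf "$home"
    return "$rc"
}

# Recompute SHA-256 for every manifest entry; succeed only if at least one
# entry was checked and none was missing, malformed or different.
verify_manifest_entries() {
    local dir want path got checked failed
    dir=$1 checked=0 failed=0
    while read -r want path || [ -n "$want" ]; do
        [ -n "$want" ] || continue                   # skip blank lines
        path=${path#\*}                              # drop binary-mode marker
        case $path in                                # entry must stay in $dir
            ''|/*|..|../*|*/..|*/../*) want= ;;
        esac
        case $want in *[!0-9a-f]*) want= ;; esac     # lowercase hex only
        got=$(sha256sum "$dir/$path" 2>/dev/null | cut -d' ' -f1)
        if [ "${#want}" -eq 64 ] && [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "FAILED   $path" >&2
            failed=1
        fi
        checked=$((checked + 1))
    done < "$dir/manifest.sha256"
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Signature first: the checksums mean nothing until the manifest is trusted.
verify_release() {
    verify_signature "$1" || { echo "bad manifest signature" >&2; return 1; }
    verify_manifest_entries "$1"
}

# Run against the directory given as the first argument, if any.
[ "$#" -eq 0 ] || verify_release "$1"
```

Save it under a name of your choice and pass the extracted package directory as the only argument; a non-zero exit status means the packages should not be installed.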