Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Appendix B. Provisioning FIPS-compliant hosts


Satellite supports provisioning hosts that comply with the National Institute of Standards and Technology’s Security Requirements for Cryptographic Modules standard, reference number FIPS 140-2, referred to here as FIPS.

To enable the provisioning of hosts that are FIPS-compliant, complete the following tasks:

  • Change the provisioning password hashing algorithm for the operating system
  • Create a host group and set a host group parameter to enable FIPS

For more information, see Creating a Host Group in Managing hosts.

The provisioned hosts have the FIPS-compliant settings applied. To confirm that these settings are enabled, complete the steps in Section B.3, “Verifying FIPS mode is enabled”.

B.1. Changing the provisioning password hashing algorithm

To provision FIPS-compliant hosts, you must first set the password hashing algorithm that you use in provisioning to SHA256. This configuration setting must be applied for each operating system you want to deploy as FIPS-compliant.

Procedure

  1. Identify the Operating System IDs:

    # hammer os list
  2. Update each operating system’s password hash value.

    # hammer os update \
    --password-hash SHA256
    --title "My_Operating_System"

    Note that you cannot use a comma-separated list of values.

B.2. Setting the FIPS-enabled parameter

To provision a FIPS-compliant host, you must create a host group and set the host group parameter fips_enabled to true. If this is not set to true, or is absent, the FIPS-specific changes do not apply to the system. You can set this parameter when you provision a host or for a host group.

To set this parameter when provisioning a host, append --parameters fips_enabled=true to the Hammer command.

# hammer hostgroup set-parameter \
--hostgroup "My_Host_Group" \
--name fips_enabled \
--value "true"

For more information, see the output of the command hammer hostgroup set-parameter --help.

B.3. Verifying FIPS mode is enabled

To verify these FIPS compliance changes have been successful, you must provision a host and check its configuration.

Procedure

  1. Log in to the host as root or with an admin-level account.
  2. Enter the following command:

    $ cat /proc/sys/crypto/fips_enabled

    A value of 1 confirms that FIPS mode is enabled.

Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.