
Appendix B. Provisioning FIPS-Compliant Hosts


Satellite supports provisioning hosts that comply with the National Institute of Standards and Technology’s Security Requirements for Cryptographic Modules standard, reference number FIPS 140-2, referred to here as FIPS.

To enable the provisioning of hosts that are FIPS-compliant, complete the following tasks:

  • Change the provisioning password hashing algorithm for the operating system
  • Create a host group and set a host group parameter to enable FIPS

For more information about creating host groups, see Creating a Host Group in the Managing Hosts guide.

The provisioned hosts have the FIPS-compliant settings applied. To confirm that these settings are enabled, complete the steps in Section B.3, “Verifying FIPS Mode is Enabled”.

B.1. Change the Provisioning Password Hashing Algorithm

To provision FIPS-compliant hosts, you must first set the password hashing algorithm that you use in provisioning to SHA256. This configuration setting must be applied for each operating system you want to deploy as FIPS-compliant.

  1. Identify the Operating System IDs.

    $ hammer os list

  2. Update each operating system’s password hash value.

    $ hammer os update --title Operating_System \
      --password-hash SHA256

  3. Repeat this command for each of the operating systems, using the matching value in the TITLE column:

    $ hammer os update --title "RedHat version_number" \
      --password-hash SHA256

    Note that you cannot use a comma-separated list of values.

B.2. Setting the FIPS-Enabled Parameter

To provision a FIPS-compliant host, you must create a host group and set the host group parameter fips_enabled to true. If this is not set to true, or is absent, the FIPS-specific changes do not apply to the system. You can set this parameter when you provision a host or for a host group.

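To set this parameter when provisioning a host, append --parameters fips_enabled=true to the Hammer command. To set it for a host group, use hammer hostgroup set-parameter, shown here for the host group prod_servers: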

$ hammer hostgroup set-parameter --name fips_enabled \
 --value 'true' \
 --hostgroup prod_servers

For more information, see the output of the command hammer hostgroup set-parameter --help.

B.3. Verifying FIPS Mode is Enabled

To verify that these FIPS compliance changes were applied successfully, you must provision a host and check its configuration.

  1. Log on to the host as root or with an admin-level account.
  2. Enter the following command:

    $ cat /proc/sys/crypto/fips_enabled

    A value of 1 confirms that FIPS mode is enabled.
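
The check above can be scripted together with a check of the password hash scheme from Section B.1. This is an added example, not part of the Satellite documentation, and it goes beyond the single command shown here. The function names are hypothetical, and it assumes the provisioning root password hash is stored unchanged in /etc/shadow, where the crypt(3) prefix $5$ denotes SHA256.

```shell
#!/usr/bin/env bash
# Added example: post-provisioning checks for a host built with fips_enabled=true.
# File paths are parameters so the checks can also run against copies of the files.

# Print enabled / disabled / unknown for the kernel FIPS flag (Section B.3).
fips_mode() {
    local flag_file value
    flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    if [ ! -r "$flag_file" ]; then
        echo unknown    # flag file missing or unreadable
        return 2
    fi
    value="$(tr -d '[:space:]' < "$flag_file")"
    case "$value" in
        1) echo enabled;  return 0 ;;
        0) echo disabled; return 1 ;;
        *) echo unknown;  return 2 ;;
    esac
}

# Print the crypt(3) scheme of a user's hash in a shadow-format file (Section B.1).
# Assumption: the hash Satellite generated for provisioning is the one stored here.
shadow_scheme() {
    local user shadow_file hash
    user="$1"
    shadow_file="${2:-/etc/shadow}"
    # An unreadable file is treated like a missing entry.
    hash="$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$shadow_file" 2>/dev/null)" || hash=""
    case "$hash" in
        '$5$'*) echo SHA256;  return 0 ;;
        '$6$'*) echo SHA512;  return 1 ;;
        '$1$'*) echo MD5;     return 1 ;;
        '')     echo missing; return 2 ;;
        *)      echo other;   return 1 ;;
    esac
}
```

Source the file as root on the provisioned host, then run fips_mode and shadow_scheme root; both return 0 only when FIPS mode is enabled and the root hash uses SHA256.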


© 2024 Red Hat, Inc.