Skip to content

simp/pupmod-simp-fips

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

69 Commits
.github/workflows
.github/workflows
 
 
SIMP/compliance_profiles
SIMP/compliance_profiles
 
 
data
data
 
 
manifests
manifests
 
 
spec
spec
 
 
.fixtures.yml
.fixtures.yml
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.pdkignore
.pdkignore
 
 
.puppet-lint.rc
.puppet-lint.rc
 
 
.rspec
.rspec
 
 
CHANGELOG
CHANGELOG
 
 
Gemfile
Gemfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
REFERENCE.md
REFERENCE.md
 
 
Rakefile
Rakefile
 
 
hiera.yaml
hiera.yaml
 
 
metadata.json
metadata.json
 
 

Repository files navigation

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

Table of Contents

Description

This module enables Federal Information Processing Standard(FIPS) mode at the kernel level. FIPS Publication 140-2, is a computer security standard, developed by a U.S. Government and industry working group to validate the quality of cryptographic modules. FIPS publications (including 140-2) can be found at the following URL: http://csrc.nist.gov/publications/PubsFIPS.html. Enabling FIPS mode installs an integrity checking package and modifies ciphers available for applications to use.

This module manages the kernel parameters and packages required for enabling FIPS mode in supported operating systems.

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they may be submitted to our bug tracker.

Setup

What fips affects

WARNING

FIPS mode disables md5 hashing at a library level. Enabling it may have unintended consequences.

  • Kernel parameters and Grub
  • Dracut and initrd
  • Packages:
    • nss
    • dracut-fips
    • fipscheck

Beginning with fips

Include the fips class.

  • By default, this will enable FIPS mode.
  • To ensure that FIPS mode is disabled, set simp_options::fips to false.
    • Do not set fips::enabled directly to false―it defaults to the value of simp_options::fips (as do the FIPS-related parameters of all other SIMP modules).

IMPORTANT

Setting simp_options::fips to either true or false is by far the best method to consistently configure all SIMP modules with your intended FIPS mode.

Reference

See REFERENCE.md for details.

Limitations

SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS. Please see the metadata.json file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.

Development

Please read our Contribution Guide.

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers.

By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

bundle install
bundle exec rake beaker:suites

Please refer to the SIMP Beaker Helpers documentation for more information.

About

The SIMP fips Puppet Module

Topics

puppet fips simp

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

16 watching

Forks

13 forks
Report repository

Releases 16

Release of 0.9.0 Latest
Oct 24, 2023
+ 15 releases

Packages

No packages published

Contributors 10

Languages