On 10/29/18 4:11 PM, Mark Thacker wrote:
AHHH.
Well, checking the signatures of the RPMs versus what we posted in the
certification would be a start. (sorry, manual there unless you
automate using Ansible or OpenSCAP perhaps)
You can check that the kernel is running in FIPS mode, of course, but
I'm not sure that's all you want to check.
Current content evaluates FIPS enablement (e.g. grub fips=1).
We can *easily* enhance these checks to ensure the appropriate RPMs are
installed too. If this would be valuable, it's very very quick/trivial to
do.
BTW: That process of checking that the system is configured in FIPS
does get easier in the future.....
hayyyyy I thought the first rule of $thingThatShallNotBeNamed was to not
talk about $thingThatShallNotBeNamed in public? Don't worry, I won't tell ;)
_______________________________________________
scap-security-guide mailing list -- [email protected]
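Added example, not part of the original messages and not scap-security-guide content: the thread distinguishes a system configured for FIPS (grub fips=1) from a kernel actually running in FIPS mode, and this sketch reports both so a mismatch is visible. The function name fips_state and its output labels are made up for illustration; the file arguments default to /proc/cmdline and /proc/sys/crypto/fips_enabled.

```shell
#!/bin/sh
# Added example. Compares what the boot loader asked for (fips=1 on the
# kernel command line) with what the running kernel reports.

# fips_state [CMDLINE_FILE] [FLAG_FILE]   (hypothetical helper name)
# Prints one of: enabled, configured-not-active, active-not-configured, disabled
fips_state() {
    cmdline_file=${1:-/proc/cmdline}
    flag_file=${2:-/proc/sys/crypto/fips_enabled}
    configured=0
    active=0

    # Walk the arguments in order so a later fips=0 overrides an earlier fips=1
    # (assumption: the last occurrence is the one that takes effect).
    if [ -r "$cmdline_file" ]; then
        for arg in $(cat "$cmdline_file"); do
            case $arg in
                fips=1) configured=1 ;;
                fips=*) configured=0 ;;
            esac
        done
    fi

    # The kernel exposes its runtime FIPS flag as a single 0 or 1.
    if [ -r "$flag_file" ] && [ "$(cat "$flag_file")" = "1" ]; then
        active=1
    fi

    case "$configured$active" in
        11) echo enabled ;;
        10) echo configured-not-active ;;
        01) echo active-not-configured ;;
        *)  echo disabled ;;
    esac
}

# Constructed sample: the boot entry carries fips=1 but the kernel flag reads 0.
demo=$(mktemp -d)
echo 'BOOT_IMAGE=/vmlinuz-sample root=/dev/mapper/sample-root ro fips=1 quiet' > "$demo/cmdline"
echo 0 > "$demo/fips_enabled"
echo "sample host: $(fips_state "$demo/cmdline" "$demo/fips_enabled")"
rm -rf "$demo"
```

Called with no arguments, fips_state reads the live system; anything other than "enabled" or "disabled" means the boot configuration and the running kernel disagree.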