brandonrdn / pupmod-simp-fips

The SIMP fips Puppet Module


Table of Contents

  1. Description
  2. Setup - The basics of getting started with fips
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

This module enables Federal Information Processing Standard (FIPS) mode. FIPS Publication 140-2 is a computer security standard, developed by a U.S. Government and industry working group, to validate the quality of cryptographic modules. FIPS publications (including 140-2) can be found at the following URL: http://csrc.nist.gov/publications/PubsFIPS.html. Enabling FIPS mode installs an integrity checking package and modifies the ciphers available for applications to use.

This module manages the kernel parameters and packages required for enabling FIPS mode in CentOS and RHEL.

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they may be submitted to our bug tracker.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
  • If used independently, all SIMP-managed security subsystems are disabled by default and must be explicitly opted into by administrators. Please review the $client_nets, $enable_* and $use_* parameters in manifests/init.pp for details.

Setup

What fips affects


WARNING

FIPS mode disables MD5 hashing at the library level. Enabling it may have unintended consequences.


  • Kernel parameters and Grub
  • Dracut and initrd
  • Packages:
    • nss
    • dracut-fips
    • fipscheck

Beginning with fips

Include the ::fips class. By default it enables FIPS mode. To ensure that FIPS mode is disabled instead, include the class and set fips::enabled: false in Hiera.
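To confirm after a Puppet run that a node's real state matches the intended fips::enabled value, the check below compares the booted kernel parameter with the kernel's runtime FIPS flag. It is an added example, not code from this module; it assumes the standard fips=1 kernel parameter and the /proc/sys/crypto/fips_enabled flag on RHEL and CentOS, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of pupmod-simp-fips. File paths are parameters so the
# logic can be run against constructed copies of the /proc files.

# Print 1 if the kernel command line in FILE enables FIPS (fips=1), else 0.
# Assumption: when fips= is repeated, the last occurrence is authoritative.
fips_boot_param() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^fips=/) v = substr($i, 6) }
         END { print (v == "1" ? 1 : 0) }' "$1"
}

# Print the runtime flag (0 or 1), or "absent" if the kernel exposes no flag.
fips_runtime_flag() {
    if [ -r "$1" ]; then tr -d '[:space:]' < "$1"; else echo absent; fi
}

# fips_verdict DESIRED [CMDLINE_FILE] [FLAG_FILE]
# DESIRED is 1 or 0, mirroring fips::enabled true/false in Hiera.
# Prints a verdict; returns 0 only when the host matches DESIRED.
fips_verdict() {
    desired=$1
    boot=$(fips_boot_param "${2:-/proc/cmdline}")
    run=$(fips_runtime_flag "${3:-/proc/sys/crypto/fips_enabled}")
    if [ "$run" = absent ]; then
        # No FIPS support in this kernel: fine only if FIPS is meant to be off.
        if [ "$desired" = 0 ] && [ "$boot" = 0 ]; then echo compliant; return 0; fi
        echo unsupported-kernel; return 1
    fi
    if [ "$boot" != "$run" ]; then
        # Boot parameter and runtime flag disagree: investigate before trusting either.
        echo inconsistent; return 1
    fi
    if [ "$run" = "$desired" ]; then echo compliant; return 0; fi
    # Running state differs from intent: the Puppet change has not been applied
    # yet, or the host has not rebooted since the kernel parameters changed.
    echo pending; return 1
}
```

On a live node, `fips_verdict 1` reads the real /proc files; a `pending` verdict after a successful Puppet run usually means the host still needs a reboot.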

Reference

Please refer to the inline documentation within each source file, or to the module's generated YARD documentation for reference material.

Limitations

SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS. Please see the metadata.json file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.

Development

Please read our Contribution Guide and visit our developer wiki.

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

bundle install
bundle exec rake beaker:suites

Please refer to the SIMP Beaker Helpers documentation for more information.
