
3 ways to check FIPS mode in Linux

FIPS is an acronym that stands for Federal Information Processing Standards. It is a set of standards and guidelines developed by the United States federal government to establish uniform requirements for information security, including computer security, data protection, and cryptography.

What is FIPS?

FIPS publications are used by federal agencies and organizations that handle sensitive government information, such as military, law enforcement, and financial institutions.

They cover a wide range of topics, including encryption algorithms, key management, digital signatures, and access control.

FIPS compliance is often a requirement for vendors that supply products and services to the U.S. government, and many countries outside the U.S. also recognize FIPS standards.

The National Institute of Standards and Technology (NIST) is the agency responsible for developing and maintaining the FIPS publications.

How to enable FIPS in Redhat Linux?

Red Hat 8 has a dedicated command, fips-mode-setup, to enable or disable FIPS mode.

  1. Open a terminal on your Linux system.
  2. Type the command to switch to the root user: su -
  3. Type the following command to enable FIPS mode:

# fips-mode-setup --enable
Setting system policy to FIPS
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
FIPS mode will be enabled.
Please reboot the system for the setting to take effect.

You also need to restart your system to allow the kernel to switch to FIPS mode:

reboot

If you get the following error, use the yum list installed command to check that the “crypto-policies-scripts” package is installed.

# fips-mode-setup
-bash: fips-mode-setup: command not found

# rpm -qf $(command -v fips-mode-setup)
crypto-policies-scripts-20210209-1.gitbfb6bed.el8_3.noarch

yum list installed |grep crypto-policies-scripts

If you need to install this package, run the following command.

yum install crypto-policies-scripts

Check FIPS mode using fips-mode-setup command in Linux 

The best way to check FIPS mode in Red Hat Linux is to use the fips-mode-setup command.

In case the FIPS mode has been turned off, the output will appear as follows.

# fips-mode-setup --check
FIPS mode is disabled.

Check FIPS mode from command exit status in Linux

We can also get the status of FIPS mode from the command's exit status.

The command echo $? is used to print the exit status of the previous command that was executed in the shell.

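If the exit status is 0, it means that the previous command completed successfully without any errors. If the exit status is a non-zero value, it indicates that the command encountered an error or failed to complete successfully. For fips-mode-setup --is-enabled, an exit status of 0 means that FIPS mode is enabled, and a non-zero status such as the 2 shown below means that it is not.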

# fips-mode-setup --is-enabled
# echo $?
2

From the above example, we can see that FIPS mode is disabled.

Check FIPS mode from /proc directory in Linux

We can check FIPS mode from the /proc directory. /proc/sys is a subdirectory within the /proc file system that contains system configuration and tuning parameters that can be read and modified by the user or system administrator.

These parameters can be used to adjust the behavior of the kernel and various system components. For example, the /proc/sys/kernel/hostname file contains the hostname of the system.

In our case here, we can use the following command.

# cat /proc/sys/crypto/fips_enabled
0

If the output of the command is 1, it means that FIPS mode is enabled on the system. If the output is 0, it means that FIPS mode is not enabled.

FIPS mode is enabled:
# fips-mode-setup --check
FIPS mode is enabled.
# cat /proc/sys/crypto/fips_enabled
1
# fips-mode-setup --is-enabled
# echo $?
0
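
The checks above can be combined so that a disagreement between the kernel flag and fips-mode-setup (for example, FIPS enabled but the system not yet rebooted, or the crypto-policies-scripts package missing) is reported instead of silently passing. This is an added example, not part of the original article; the function names and the FIPS_PROC and FIPS_TOOL variables are hypothetical, and treating any exit status other than 0 or 2 as "unknown" is an assumption of the example.

```shell
#!/bin/sh
# Added example: cross-check the kernel FIPS flag against fips-mode-setup.
# FIPS_PROC and FIPS_TOOL (hypothetical names) can be overridden for testing.
FIPS_PROC="${FIPS_PROC:-/proc/sys/crypto/fips_enabled}"
FIPS_TOOL="${FIPS_TOOL:-fips-mode-setup}"

# Print enabled|disabled|unknown based on the kernel flag file ($1).
fips_kernel_state() {
    [ -r "$1" ] || { echo unknown; return; }
    case "$(tr -d '[:space:]' < "$1")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Print enabled|disabled|unknown based on "<tool> --is-enabled" ($1 = tool).
# 0 = enabled and 2 = disabled, as in the transcripts above; any other
# status, or a missing tool, is reported as unknown (assumption).
fips_tool_state() {
    command -v "$1" >/dev/null 2>&1 || { echo unknown; return; }
    rc=0
    "$1" --is-enabled >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo enabled ;;
        2) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Print "enabled" or "disabled" only when both sources agree; otherwise
# print a mismatch line so the host is flagged for review.
fips_verdict() {
    k=$(fips_kernel_state "$1")
    t=$(fips_tool_state "$2")
    if [ "$k" = "$t" ] && [ "$k" != unknown ]; then
        echo "$k"
    else
        echo "mismatch kernel=$k tool=$t"
    fi
}

fips_verdict "$FIPS_PROC" "$FIPS_TOOL"
```

A mismatch line is the case worth alerting on in a compliance check, because a single source on its own would have reported a clean answer.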