rwdj commented on issue #6246: URL: https://github.com/apache/cloudstack/issues/6246#issuecomment-1098155992
Regarding additional steps, it would be most of the [Red Hat Enterprise Linux 8 Security Technical Implementation Guide](https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2021-12-03/), but that's _probably_ too much. Checking full STIG compliance for a system takes way too long for this purpose. The document https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/assembly_installing-a-rhel-8-system-with-fips-mode-enabled_security-hardening describes enabling FIPS. In general, it's just making sure the system has fips=1 in the kernel parameters during installation/initialization. And then you can use `fips-mode-setup --check` to verify it worked (which is not the same way it was done in RHEL7, by the way). Alternatively, an existing system can be made FIPS compliant with as described [here](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#switching-the-system-to-fips-mode_using-the-system-wide-cryptographic-policies), but it's not recommended by Red Hat. I believe there are a number of things done during initialization that are less complex to do during initialization, but that's only my guess. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
