Forge Home

fips

A SIMP module for managing FIPS

72,182 downloads

2,222 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.9.0 (latest)
  • 0.8.0
  • 0.6.0
  • 0.5.2
  • 0.5.0
  • 0.4.5
  • 0.4.4
  • 0.4.2
  • 0.4.1
  • 0.3.0
  • 0.2.0
  • 0.1.4
  • 0.1.3
  • 0.1.2
  • 0.1.1
released Oct 24th 2023
This version is compatible with:
  • Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'simp-fips', '0.9.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-fips
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-fips --version 0.9.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: simp, fips

Documentation

simp/fips — version 0.9.0 Oct 24th 2023

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

Table of Contents

Description

This module enables Federal Information Processing Standard(FIPS) mode at the kernel level. FIPS Publication 140-2, is a computer security standard, developed by a U.S. Government and industry working group to validate the quality of cryptographic modules. FIPS publications (including 140-2) can be found at the following URL: http://csrc.nist.gov/publications/PubsFIPS.html. Enabling FIPS mode installs an integrity checking package and modifies ciphers available for applications to use.

This module manages the kernel parameters and packages required for enabling FIPS mode in supported operating systems.

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they may be submitted to our bug tracker.

Setup

What fips affects


WARNING

FIPS mode disables md5 hashing at a library level. Enabling it may have unintended consequences.

  • Kernel parameters and Grub
  • Dracut and initrd
  • Packages:
    • nss
    • dracut-fips
    • fipscheck

Beginning with fips

Include the fips class.

  • By default, this will enable FIPS mode.
  • To ensure that FIPS mode is disabled, set simp_options::fips to false.
    • Do not set fips::enabled directly to false―it defaults to the value of simp_options::fips (as do the FIPS-related parameters of all other SIMP modules).

IMPORTANT

Setting simp_options::fips to either true or false is by far the best

method to consistently configure all SIMP modules with your intended FIPS mode.

Reference

See REFERENCE.md for details.

Limitations

SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS. Please see the metadata.json file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.

Development

Please read our Contribution Guide.

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers.

By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

bundle install
bundle exec rake beaker:suites

Please refer to the SIMP Beaker Helpers documentation for more information.