Comments (9)
agit05
commented on August 29, 2024
Some of the answers can be found here:
https://access.redhat.com/solutions/2853221
Still, I am more woried about the sha1 message.
from ssg-el7-kickstart.
shawndwells
commented on August 29, 2024
If you're applying OpenSCAP/SCAP Security Guide remediations, would recommend pinging that community directly. Your question will likely get much more attention from the content-creation community, as they'll be the ones to patch anything thats causing issues :)
https://github.com/OpenSCAP/scap-security-guide
from ssg-el7-kickstart.
fcaviggia
commented on August 29, 2024
SHA1 is now depreciated, the recommendation is to move to SHA2 or SHA256 if possible.
https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know
from ssg-el7-kickstart.
ykorkmaz
commented on August 29, 2024
I am installing CentOS 7 and encountered the same error message during boot just after the installation, i.e. "dracut-pre-trigger[646]: modprobe: FATAL: Module sha1 not found." after selecting DISA STIG RHEL7 security profile. Boot does not continue because FIPS verification fails.
Any ideas or comments about the problem?
from ssg-el7-kickstart.
fcaviggia
commented on August 29, 2024
Hi,
I can try and figure out the issue, but I need more information:
1. What version of CentOS 1708, 1804?
2. Did you select FIPS 140-2 Mode during installation?
…-Frank
On Wed, Jul 18, 2018 at 3:10 AM Ya.Ko ***@***.***> wrote:
I am installing CentOS 7 and encountered the same error message during
boot just after the installation, i.e. "dracut-pre-trigger[646]: modprobe:
FATAL: Module sha1 not found." after selecting DISA STIG RHEL7 security
profile. Boot does not continue because FIPS verification fails.
Any ideas or comments about the problem?
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#43 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AF0NgyfX0jIwqYHM33TEeIYjWcrUpDtFks5uHt9KgaJpZM4NHeQN>
.
from ssg-el7-kickstart.
ykorkmaz
commented on August 29, 2024
Thanks for the reply.
Version is CentOS 1804 and FIPS is enabled by selecting the DISA STIG RHEL7 profile. Otherwise I have not specifically enabled it.
By the way, we experienced it also on another freshly installed server but it happened after an OS update. This time it says "dracut: FATAL: FIPS integrity test failed".
from ssg-el7-kickstart.
fcaviggia
commented on August 29, 2024
I'll try to test this out this weekend.
from ssg-el7-kickstart.
ykorkmaz
commented on August 29, 2024
It turned out that UUID of the boot partition was not specified in the in the GRUB_CMDLINE_LINUX key in /etc/default/grub file. After adding it manually and rebuilding the grub.conf, the problem has been resolved.
However, I have selected the DISA STIG RHEL7 profile during installation and UUID should have been already added to the boot loader configuration to enable FIPS as described in the following documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations
Somehow the selected profile only adds the fips=1 parameter but not UUID of the boot partition which causes the problem after an update or so.
from ssg-el7-kickstart.
jamescassell
commented on August 29, 2024
If you pass fips=1 on the installer CMD line, everything works as expected
from ssg-el7-kickstart.
Related Issues (20)
- STIG profile ssg-rhel7-xccdf enforces repo_gpgcheck=1 but neither CDN nor Satellite6 provide signed metadata HOT 2
- type error with /usr/bin/python from DVD image HOT 1
- Refresh the HBox button labels? HOT 3
- No GUI menu driven install, all text based HOT 1
- Contribute Kickstart file to SSG repo HOT 3
- Change Licence (GPLv2 -> APL2.0) HOT 6
- Partitions in MB and not in % HOT 10
- command issue HOT 1
- Header & Footer label displays do not display correctly HOT 3
- LDap user can not login HOT 8
- Issues installing Redhat 7.6 Workstation using DISA STIG HOT 9
- Adding Packages HOT 1
- ssg-el8-kickstart HOT 15
- USBguard disables keyboard and mouse
- is there any change for RHEL 7.7 HOT 9
- How to execute script for CentOS 7 HOT 2
- Mouse and Keyboad HOT 4
- RHEL 7.8 HOT 5
- RHEL 7 LVM VG error with 4 Disks HOT 1
- Is there any upgrade plan for RHEL 9 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ssg-el7-kickstart.