<div dir="ltr">The gui button does not set the system into fips mode if fips=1 wasn't added to boot options before installer launches. Figured as much, but good to confirm. <div><br></div><div>cat <span style="color:rgb(84,84,84);line-height:18.2px">/</span><span style="font-weight:bold;color:rgb(106,106,106);line-height:18.2px">proc</span><span style="color:rgb(84,84,84);line-height:18.2px">/sys/crypto/</span><span style="color:rgb(84,84,84);line-height:18.2px">fips_enabled</span></div><div><span style="color:rgb(84,84,84);line-height:18.2px">0</span></div><div><br></div><div>The STIG option installed several additional apps including openscap. <br></div><div><br></div><div><br></div><div><span style="color:rgb(84,84,84);line-height:18.2px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 11, 2016 at 5:26 PM, Jim Kinney <span dir="ltr"><<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>Let us know what you see. The gui button didn't indicate it would activate anything during the installation process itself.</div><div><div class="h5"><div><br></div><div>On Thu, 2016-02-11 at 17:13 -0500, Adrya Stembridge wrote:</div><blockquote type="cite"><div dir="ltr">Wonder if we'd still need to add fips=1 to boot options when launching the installer? Might have a go at this later today. </div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 11, 2016 at 5:04 PM, Jim Kinney <span dir="ltr"><<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>></span> wrote:<br><blockquote type="cite"><div><div>I'll have to poke an new install and see how much it loads in with the STIG security profile activated. The Mil-OSS group is a tad miffed that RHEL7 STIG is still only in pre-release DRAFT status since 7 has been out for over 2 years now.</div><div><div><div><br></div><div>On Thu, 2016-02-11 at 16:58 -0500, DJ-Pfulio wrote:</div><blockquote type="cite"><pre>CentOS 6 and RHEL 6 stuff:
RHEL 6 - <a href="https://www.ansible.com/security-stig" target="_blank">https://www.ansible.com/security-stig</a>
Deep Dive: <a href="https://www.ansible.com/blog/stig-automation" target="_blank">https://www.ansible.com/blog/stig-automation</a>
Github: <a href="https://github.com/samdoran/ansible-role-rhel6stig" target="_blank">https://github.com/samdoran/ansible-role-rhel6stig</a>
Ubuntu (not "STIGS", but ... )
<a href="https://benchmarks.cisecurity.org/downloads/browse/?category=benchmarks.os.linux.ubuntu" target="_blank">https://benchmarks.cisecurity.org/downloads/browse/?category=benchmarks.os.linux.ubuntu</a>
On 02/11/2016 04:15 PM, Jim Kinney wrote:
<blockquote type="cite">
New security options in CentOS 7 during install: pre-release draft STIG
configurations.
For those that know what this is, being able to choose during installation is a
nice thing.
For those that don't know, STIG security configuration makes the DoD very happy.
OK. The DoD security enforcers have had all joy-like activities surgically
removed from their existence. But this make makes them less likely to shoot on
sight.
</blockquote>
_______________________________________________
Ale mailing list
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a>
See JOBS, ANNOUNCE and SCHOOLS lists at
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a>
</pre></blockquote></div></div><span><div><span><pre>--
James P. Kinney III
Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
<a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a>
</pre></span></div></span></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br></div>
<pre>_______________________________________________
Ale mailing list
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a>
See JOBS, ANNOUNCE and SCHOOLS lists at
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a>
</pre></blockquote><div><span><pre>--
James P. Kinney III
Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
<a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a>
</pre></span></div></div></div></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br></div>