Warning

Proceed with caution, as Checkmk does not currently support FIPS configurations.

This article is a workaround only!

Status: LAST TESTED ON CHECKMK 2.2.0P1


...

  1. Verify if FIPS is already enabled on the system. 

    $ fips-mode-setup --check
    FIPS mode is enabled.


    If FIPS is not enabled, you will need to enable it using Red Hat's official methods.



  2. The application works fine in FIPS mode, as the following screens show. The problem is that the MD5-signed RPM does not install.


    Tip

    GNU Privacy Guard (GPG) signatures are digital signatures that verify the authenticity of data or communication. 

    To find out which signature a file has, you can use the method below:

    [LinuxUser~]$ rpm -qp --qf "%{filedigestalgo}\n" check-mk-agent-2.3.0p4-93d660e1b182fc28.noarch.rpm 
    (none)
    
    
    # For comparison, the same command was run on another downloaded package; here the result is "8", which means SHA-256.
    [LinuxUser~]$ rpm -qp --qf "%{filedigestalgo}\n" package/openssh-server-8.7p1-38.el9.x86_64.rpm 
    8


    The algorithms SHA1, SHA256, SHA384, and SHA512 are represented as 2, 8, 9, and 10 respectively.




    If the RPM is signed with SHA256 or the --nofiledigest option is specified, Checkmk should install without failing.

    [user@redhat8host ~]$ sudo rpm -ivh --nofiledigest check-mk-agent-2.1.0p16-d88c216c6ads3a29.noarch_1.rpm
    
    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:
    
    	#1) Respect the privacy of others.
    	#2) Think before you type.
    	#3) With great power comes great responsibility.
    
    [sudo] password for checkmk:
    verifying ...                       #########################################################[100%]
    preparing ...                       #########################################################[100%]
    updating / installing ...
    	1:check-mk-agent-2.1.0p16-3.d88c216######################################################[100%]
    
    
    Deploying systemd units: check-mk-agent-async.service check-mk-agent.socket check-mk-agent@.service cmk-agent-ctl-daemon.service
    Deployed systemd
    Creating/updating cmk-agent user account ..
    
    WARNING: The agent controller is operating in an insecure mode! To secure the connection run `cmk-agent-ctl register'
    
    Activating systemd unit 'check-mk-agent-async.service'...
    Created symlink /etc/systemd/system/multi-user.target.wants/check-mk-agent-async.service → /usr/lib/systemd/system/check-mk-agent-async.service.
    Activating systemd unit 'check-mk-agent.socket'...
    Created symlink /etc/systemd/system/sockets.target.wants/check-mk-agent.socket → /usr/lib/systemd/system/check-mk-agent.socket.
    Activating systemd unit 'cmk-agent-ctl-daemon.service'...
    Created symlink /etc/systemd/system/multi-user.target.wants/cmk-agent-ctl-daemon.service → /usr/lib/systemd/system/cmk-agent-ctl-daemon.service.
    [user@redhat8host ~]$
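
The two steps above, combined into one pre-flight script; this is an added example, not Checkmk's own tooling, and it goes slightly beyond the page by mapping MD5 (ID 1) and by treating an unset tag, shown as "(none)", as MD5, which is rpm's default. Because `--nofiledigest` skips the per-file digest check, the script first compares the whole package against a SHA-256 value. Assumptions: the function names are hypothetical, and the expected SHA-256 comes from a source you trust.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for installing an RPM on a FIPS-enabled host.

# Map rpm's %{filedigestalgo} value to a name (OpenPGP hash IDs).
# "(none)", empty or 0 means the tag is unset, which rpm treats as MD5.
digest_algo_name() {
    case "$1" in
        ""|"(none)"|0|1) echo "MD5" ;;
        2)  echo "SHA1" ;;
        8)  echo "SHA256" ;;
        9)  echo "SHA384" ;;
        10) echo "SHA512" ;;
        *)  echo "UNKNOWN" ;;
    esac
}

# plain        = file digests can be verified as usual
# nofiledigest = MD5 file digests, needs the workaround
# review       = anything else, decide manually
install_mode() {
    case "$(digest_algo_name "$1")" in
        SHA256|SHA384|SHA512) echo "plain" ;;
        MD5) echo "nofiledigest" ;;
        *)   echo "review" ;;
    esac
}

# Return 0 if the package file's SHA-256 equals the expected hex value.
package_matches_sha256() {
    [ "$(sha256sum "$1" | awk '{print $1}')" = "$2" ]
}

# preflight <package.rpm> <expected-sha256>  (expected value: assumption, from a trusted source)
preflight() {
    local algo
    fips-mode-setup --check | grep -q "is enabled" || echo "note: FIPS mode is not enabled" >&2
    algo="$(rpm -qp --qf '%{filedigestalgo}\n' "$1")"
    echo "file digest algorithm: $(digest_algo_name "$algo")"
    case "$(install_mode "$algo")" in
        plain) echo "rpm -ivh $1" ;;
        nofiledigest)
            # --nofiledigest skips per-file digest checks: verify the whole package first.
            package_matches_sha256 "$1" "$2" || { echo "SHA-256 mismatch, not installing" >&2; return 1; }
            echo "rpm -ivh --nofiledigest $1" ;;
        *) echo "unexpected digest algorithm, review manually" >&2; return 2 ;;
    esac
}

if [ "$#" -ge 2 ]; then preflight "$1" "$2"; fi
```

The script only prints the `rpm` command to run; it does not install anything itself.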



...