Versions Compared

Version Old Version 26 New Version Current
Changes made by

Matthew Hierholzer

Matthew Hierholzer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


"FIPS" stands for Federal Information Processing Standards. It is a set of standards issued by the National Institute of Technology (NIST) in the United States to ensure the security and interoperability of information technology systems. Federal agencies and contractors use these standards to ensure their information systems are secure and meet certain/specific requirements for handling sensitive information/data.

This article explains enabling FIPS mode in Ubuntu-based systems working with Checkmk.
Info
Warning

Proceed with caution, as Checkmk does not currently support FIPS configurations.

This article is a workaround only!

Status
colourGreen
titleLAST TESTED ON CHECKMK 2.2.0P1


Panel
borderColorblack
bgColor#f8f8f8
titleTable of Contents

Table of Contents


Step-by-step guide


Info

FIPS mode is only available via an Ubuntu Pro subscription. A $25/yr/Desktop type subscription was used for this demonstration.

More information on attaching an Ubuntu Pro subscription can be found here:
https://ubuntu.com/server/docs/install/subscription


  1. The following image displays what should be enabled and where to locate your subscription token.
    Image Removed

    NextYou can use the following instructions to enable FIPS on Ubuntu systems:
    https://ubuntu.com/security/certifications/docs/fips-enablement

    Note

    Please note that the above process is not supported by Checkmk. If there is a problem enabling FIPS on Ubuntu, you will need to

    install Ubuntu Advantage on the system.

    reach out to Ubuntu support.


    .

  2. Now reboot the system. Here you can see that FIPS mode has been activated.

    Screenshot of ubuntu booting in fips modeImage Added

    You should reboot to this prompt.

    Code Block
    languagebash
    themeRDark
    [user@mylinuxhost ~]$ sudo apt install ubuntu-advantage-tools
    .After you have the token, you can use the following command to activate FIPS via Ubuntu Advantage
    Checking kernel image: /boot/vmlinuz-5.4.0-1007-fips
FIPS check done
done.

Welcome to Ubuntu 20.04.05 LTS!

    .

  3. Now you can register this host with the Checkmk Agent for monitoring.


    Code Block
    languagebash
    themeRDark
    [user@mylinuxhostuser@ubuntuhost ~]$ sudo ua attach <your_pro_token>
    Image Removed
    Now reboot the system. Here you can see that FIPS mode has been activated.
    Image Removed
    Image Removed
    Now you can register this host with the Checkmk Agent for monitoring.
    Image Removed
     cmk-agent-ctl register --site mysite --hostname ubuntuhost --server 192.168.0.15
user cmkadnin
Attempting to register at 192.168.0.15:8000/mysite. Server certificate details:

PEM-encoded certificate:
-----BEGIN CERTIFICATE-
MIICBTCCAdNgAWIBAGIUaCklbywn@E@BULRn?kqEHqlVEeEWDQYJKOZIhVCNAQEL
BQAWJTEJNCEGALUEAwwaU2l0ZSAnb₩9uaXRvcmlUZycgbG9jYWwgQOEWIBCNMjIx
MDEOMDMWNDA4WhgPMZAYNTAYNTQWMZAOMDhaMBUXEZARB9NVBAMMCm1vbml0b3Jp
brcwggELMAOGCSqGSIb3DQEBAQUAA4IBDWAWg9 EKAOIBAQCtbbso58PYU42KSDNW
FZAjJKg5qiqcAYrduend2gSp]GuUWptNxJyixlBxpőkCi1tB5GQqlJaKVFNDWXn/
fQ4NTbp5EUHoWkKZxPwbVTcF5VSHelaanOywLSDGEG9SXAI9CeuvvsSGbxeRMUEW
OgAefi057749f2+L6ejsSn7ARnNxKO+LLBMGMpPd+IZ3VW7gNEYQQ/j+UYQZO2I
340k+4Zn5D12UtwOP/R7q9DEAJd6k@USonur9KőukTK+c7st92zjskcqrtUWLW9W
7BOdsSbXEBSC1hY9LFZMAWÞYKDocArVxT4mP2UEnq/MtqhCoW+GqRJK/nkFytAbf
HpWdAgMBAAGj JZALMBUGA1UdEQQOMAyCCm1vbml0b3JpbmcWDAYDVROTAQH/BAIW
ADANBgkqhkiG9WOBAQSFAAOCAQEAdkn/3+QArR+5LOvy28MIUG1IefDWX/KBZ7q/
3rF1AKovaanGfu9UQZTH2jUhZiU@c4E1oqsVs4MVofgbf7jNr/Ae6okPPOa3YS4T
NWX85nĐe2qBXdQPy6VPROSDU3P79MYHIH35vdb0+nvHQQ08s/I2MEr+KjUSOe6VC
3/5kvNuYsItspi3Gr41TiRzwFEelASv9nxnc3X8Lh+2uB1Y2fyG9y0/eleklg9+i
n₩lwBbky4dBb¥1p+9yuioyu/+vGIFotaqxoJ6GkEyk3P8Vyi/jcdItKsFUtFanqy
XCxxuPpc9/SivPr9kvWjfQTAJKga012OLbMMUZNuyGuQhogj8g==
-END CERTIFICATE--

Issued by:
	Site "mysite' local CA
Issued to:
	mysite
Validity:
	From Fri, 14 Oct 2022 03:04:08 +0000
	To   Wed, 14 Feb 3021 03:04:08 +0000

Do you want to establish this connectton? [Y/n]
>Y

Please enter password for 'cmkadmin'
> 
[user@ubuntuhost ~]$

    Successful registration after FIPS mode enabled


    Monitored host with FIPS enabled

    Screenshot of ubuntu host with fips mode enabled and Check_mk service status at OKImage Modified


Filter by label (Content by label)
showLabelsfalse
max5
spacesCONKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel = in ( "kb-how-to-article" , "howto" ) and type = "page" and space = "CONKB"
labelskb-how-to-article

Page Properties
hiddentrue


Related issues


...