The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
To make an Oracle Linux Release 6 Update 7 system compliant with Federal Information Processing Standard (FIPS) Publication 140-2, perform the following steps:
1. Install the dracut-fips package:

   # yum install dracut-fips

2. Recreate the initramfs file system:

   # dracut -f

3. Identify either the device file path (device) under /dev of your system's boot device or its UUID (uuid) by using ls -l to examine the entries under /dev/disk/by-uuid.

4. Add either a boot=device entry or a boot=UUID=uuid entry for the boot device to the kernel command line in /etc/grub.conf.

5. Add a fips=1 entry to the kernel command line in /etc/grub.conf to specify strict FIPS compliance.

6. Disable prelinking by setting PRELINKING=no in /etc/sysconfig/prelink.

7. Remove all existing prelinking from binaries and libraries:

   # prelink -ua

8. Install the openssh-server-fips and openssh-client-fips packages and their dependent packages:

   # yum install openssh-server-fips openssh-client-fips

9. Shut down and reboot the system.

If you specify fips=1 on the kernel command line but omit a valid boot= entry, the system crashes because it cannot locate the kernel's .hmac file.

If you do not disable and remove all prelinking, users cannot log in and /usr/sbin/sshd does not start. (Bug ID 17759117)
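
The following shell functions are an added example, not part of the Oracle documentation: they check a GRUB configuration file and a prelink configuration file for the two failure conditions described above (fips=1 without a boot= entry, and prelinking left enabled). The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Pre-reboot checks for the FIPS steps above. Paths are arguments so the
# checks can be run against copies of the real files.

# Succeeds only if at least one GRUB "kernel" line carries fips=1 and every
# fips=1 line also carries a non-empty boot= entry.
check_grub_fips() {
    awk '
        $1 == "kernel" {
            fips = 0; boot = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "fips=1") fips = 1
                if ($i ~ /^boot=./) boot = 1
            }
            if (fips) enabled++
            if (fips && !boot) { printf "line %d: fips=1 without boot=\n", NR; bad++ }
        }
        END {
            if (!enabled) { print "no kernel line has fips=1"; exit 1 }
            exit (bad ? 1 : 0)
        }' "$1"
}

# Succeeds only if the last PRELINKING assignment in the file is "no".
check_prelink_disabled() {
    val=$(sed -n 's/^[[:space:]]*PRELINKING=//p' "$1" | tail -n 1 | tr -d "\"'")
    [ "$val" = "no" ]
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d)
cat > "$tmp/grub.conf" <<'EOF'
default=0
title Oracle Linux (constructed entry)
        root (hd0,0)
        kernel /vmlinuz-SAMPLE ro root=/dev/mapper/vg-root boot=/dev/sda1 fips=1
        initrd /initramfs-SAMPLE.img
EOF
printf 'PRELINKING=no\n' > "$tmp/prelink"

check_grub_fips "$tmp/grub.conf" && echo "grub.conf: fips=1 and boot= present"
check_prelink_disabled "$tmp/prelink" && echo "prelink: disabled"
rm -rf "$tmp"
```

On the target system, call the two functions with /etc/grub.conf and /etc/sysconfig/prelink before the final reboot step.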