FileCloud officially supports FIPS mode with CentOS 7.x version. This post explains how to enable FIPS encryption in your FileCloud installation.
Important Note -
Please make sure you have the FIPS component enabled in your FileCloud license. If you do not have the component, please contact our sales team at sales@filecloud.com for further help in adding the component to your license.
To enable FIPS encryption, you must first install the Dracut FIPS modules in CentOS and rebuild the initramfs by running the commands below:
yum install dracut-fips
yum install dracut-fips-aesni
dracut -v -f
It should yield the following results:
Once the Dracut module is configured, the next step is to add the FIPS flag to the grub configuration. To make the necessary changes, modify this file /etc/default/grub by adding fips=1 to GRUB_CMDLINE_LINUX.
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet fips=1"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet fips=1 boot=UUID=34c96d6b-a43c-fec3-a2a6-e6593c977550" #if /boot is on a different partition use blkid of the boot partition
After modifying the grub configuration, we will need to regenerate the grub configuration using the below command:
grub2-mkconfig -o /etc/grub2.cfg
If prelinking is installed on the server, you must first disable it by editing the file /etc/sysconfig/prelink and setting PRELINKING=no
After the above changes are made, reboot the server and check this file – cat /proc/sys/crypto/fips_enabled – to ensure FIPS is enabled.
[root@cnfc ~]# cat /proc/sys/crypto/fips_enabled
1
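The settings made in the steps above can be checked together. The following is an added example, not part of the original post or FileCloud's own tooling: a POSIX shell audit of the grub default, the prelink setting, the running kernel's command line and the fips_enabled flag. The function names and the root-prefix argument are assumptions introduced here so the checks can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example, not FileCloud tooling. Each predicate takes a root prefix
# (an assumption made here) so it can run against a constructed tree;
# an empty prefix means the live system.

# fips=1 must be a whole token inside GRUB_CMDLINE_LINUX (fips=10 must not match).
grub_default_has_fips() {
    grep -Eq '^GRUB_CMDLINE_LINUX=.*[" ]fips=1([" ]|$)' "$1/etc/default/grub" 2>/dev/null
}

# The kernel that is running now must have been booted with fips=1.
kernel_booted_with_fips() {
    grep -Eq '(^| )fips=1( |$)' "$1/proc/cmdline" 2>/dev/null
}

# Passes when prelink is not installed, or when its config sets PRELINKING=no.
prelink_disabled() {
    f="$1/etc/sysconfig/prelink"
    [ ! -e "$f" ] || grep -Eq '^PRELINKING=no[[:space:]]*$' "$f"
}

# The kernel's own report of FIPS mode.
fips_flag_set() {
    [ "$(cat "$1/proc/sys/crypto/fips_enabled" 2>/dev/null)" = "1" ]
}

# check LABEL COMMAND...: run COMMAND, print PASS/FAIL, count failures.
check() {
    label="$1"; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; failures=$((failures + 1)); fi
}

# Returns the number of failed checks (0 means every setting is in place).
fips_audit() {
    root="${1:-}"; failures=0
    check "fips=1 in GRUB_CMDLINE_LINUX (/etc/default/grub)" grub_default_has_fips "$root"
    check "prelinking disabled or not installed" prelink_disabled "$root"
    check "running kernel booted with fips=1 (/proc/cmdline)" kernel_booted_with_fips "$root"
    check "/proc/sys/crypto/fips_enabled reads 1" fips_flag_set "$root"
    return "$failures"
}

# Audit the live system only when asked: sh fips_audit.sh --live
if [ "${1:-}" = "--live" ]; then fips_audit ""; fi
```

A FAIL on the grub default with a PASS on the running kernel means the flag is active now but is not in /etc/default/grub, so the next grub2-mkconfig run will drop it.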
The next step is to install FileCloud.
yum install wget
wget http://patch.codelathe.com/tonidocloud/live/installer/filecloud-liu.sh && bash filecloud-liu.sh
Install FileCloud with the above script and configure the components required depending on your use case. Once completed, your FileCloud server will run under the FIPS mode.
You can also download and install a FIPS-enabled OpenSSL.
NOTE: This is only needed if SafeLogic modules are required. Once FIPS mode is enabled, CentOS installs FIPS-enabled packages by default.
yum install unzip
wget http://patch.codelathe.com/tonidocloud/live/3rdparty/fipsopenssl/fipsopenssl.zip
unzip -q fipsopenssl.zip -d /root/fipsopenssl
rpm -Uvh --nodeps /root/fipsopenssl/*.rpm
We also recommend enabling strong ciphers and TLS 1.2/TLS 1.3 in your Apache SSL configuration:
#SSLProtocol all -SSLv2 -SSLv3
SSLProtocol -all +TLSv1.2 +TLSv1.3
#SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
#SSLCipherSuite HIGH:!aNULL:!MD5
SSLCipherSuite HIGH:!MEDIUM:!LOW:!EXP:!aNULL:!MD5:!EXPORT:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!PSK:!SRP:!KRB5:@STRENGTH
For greater security and governance over your data, FileCloud supports FIPS encryption. With this step-by-step process, you can now enable FIPS on your own FileCloud installation (provided it is available with your license). For additional support or clarification, please get in touch with our support team at support@filecloud.com.
Article written by Nandakumar Chitra Suresh