Feature #3511
As a security person, I would like Foreman to run in FIPS mode
Related issues
History
#1
Updated by Anonymous over 9 years ago
- setup foreman, smart_proxy, and puppet in FIPS mode
- see what breaks
#2
Updated by Eric Helms over 7 years ago
Updated by - Related to Feature #5313: FIPS compliancy added
#3
Updated by Dominic Cleal over 7 years ago
Updated by - Has duplicate Bug #12314: Foreman does not work with FIPS enabled added
#4
Updated by Dominic Cleal over 7 years ago
Linked ticket #12314 has some specifics.
#5
Updated by Trevor Vaughan about 7 years ago
Updated by Just wanted to make a note that a lot of the issue here may be that ActiveRecord does not support FIPS mode due to the explicit use of MD5.
Relevant Search: https://github.com/rails/rails/search?utf8=%E2%9C%93&q=md5
#6
Updated by Anonymous over 5 years ago
Please see https://groups.google.com/forum/#!topic/foreman-dev/CZFAY5FQl80 for the discussion of potential approaches.
#7
Updated by James Shewey over 5 years ago
Updated by - Subject changed from As a securiyt person, I would like Foreman to run in FIPS mode to As a security person, I would like Foreman to run in FIPS mode
I have opened https://github.com/rails/rails/issues/31203 upstream for this issue. Meanwhile, it appears that forman uses Digest::MD5 in the following places:
./migrate/20140912113254_add_password_hash_to_operatingsystem.rb
./migrate/20150428110835_change_os_default_password_hash.rb
./app/controllers/api/v1/operatingsystems_controller.rb
./app/controllers/api/v2/operatingsystems_controller.rb
./app/helpers/unattended_helper.rb
./app/helpers/application_helper.rb
./app/models/setting/email.rb
./app/services/password_crypt.rb
./app/views/unattended/provisioning_templates/snippet/_bmc_nic_setup.erb
https://github.com/theforeman/foreman/search?utf8=%E2%9C%93&q=md5&type=
#8
Updated by Anonymous over 5 years ago
- Related to Feature #21748: Replace crypto- and hash-functions unapproved by FIPS with FIPS-approved ones added
#9
Updated by Anonymous over 5 years ago
- Related to Feature #21749: Create CI environment with FIPS enabled added
#10
Updated by Anonymous over 5 years ago
- Related to Feature #21750: Investigate Rails caching with FIPS enabled added
#11
Updated by Anonymous over 5 years ago
- Related to Feature #21751: Investigate interoperability with Salt with FIPS enabled added
#12
Updated by Anonymous over 5 years ago
- Related to Feature #21752: Investigate interoperability with BMC/IPMI with FIPS enabled added
#13
Updated by Anonymous over 5 years ago
- Related to Feature #21753: Introduce verification of 3rd-party ssl certificates for FIPS-approved hash functions added
#14
Updated by Anonymous over 5 years ago
- Related to Feature #21754: Investigate interoperability with Puppet with FIPS enabled added
#15
Updated by Anonymous over 5 years ago
- Related to Feature #21755: Update dhcpd puppet module to use FIPS-approved hash function for omapi shared secret added
#16
Updated by Anonymous over 5 years ago
- Related to Feature #21756: Update bind puppet module to use FIPS-approved hash function for dhcpd shared secret added
#17
Updated by Anonymous over 5 years ago
Email thread with FIPS support discussion: https://groups.google.com/forum/#!search/foreman-dev/foreman-dev/CZFAY5FQl80/Ylxy-I7bBQAJ
#18
Updated by Anonymous over 5 years ago
- Related to Feature #21875: Add support for sha512 grub passwords to provisioning templates added
#19
Updated by Ivan Necas about 5 years ago
Updated by - Blocked by Bug #22583: Replace MD5 by SHA1 for apipie cache checksum added
#20
Updated by Ivan Necas almost 5 years ago
- Blocked by Bug #23128: Deface uses MD5 and doesn't work in FIPS-enable environment added
#21
Updated by Peter Ondrejka almost 5 years ago
Updated by - Blocked by Bug #23130: unable to install theforeman-foreman_scap_client in FIPS-enabled environment added
#22
Updated by Peter Ondrejka almost 5 years ago
- Blocked by Bug #23312: angular-rails-templates uses MD5 causing problems FIPS-enabled envrionments added
#23
Updated by Peter Ondrejka almost 5 years ago
- Related to Bug #23363: Katello uses md5hash function incompatible with FIPS-enabled environments added
#24
Updated by Anonymous almost 5 years ago
- Blocked by Tracker #21834: Rails 5.2 upgrade tasks added
#25
Updated by Peter Ondrejka over 4 years ago
- Related to Bug #24732: FIPS Scheduled synchronization task ends with PG::UniqueViolation: ERROR: duplicate key value violates unique constraint "index_katello_repository_rpms_on_rpm_id_and_repository_id" added
#26
Updated by Peter Ondrejka over 4 years ago
- Related to Bug #24889: Docker repository sync on FIPS system fails with TypeError: can't quote ActiveSupport::HashWithIndifferentAccess added
#27
Updated by Ivan Necas over 4 years ago
- Blocked by Feature #22119: Replace MD5 hashes with SHA added
#28
Updated by Ivan Necas over 4 years ago
Anyone with permissions, could you switch status on this to closed, as we're not aware of anything else right now to address, and things should just work(TM) in 1.20
#29
Updated by Anonymous over 4 years ago
- Status changed from New to Resolved
- Fixed in Releases 1.20.0 added
The rest is related mainly to plugins.
#30
Updated by Ondřej Pražák over 4 years ago
Updated by - Blocked by Bug #25447: Unable to create puppet certificate request from RHEL5 with fips enabled added
#31
Updated by Ivan Necas about 4 years ago
- Related to Bug #24974: The kafo configure is generating incorrect 'foreman-proxy-client-bundle.pem' which is not allowing httpd service to start added
#32
Updated by Ivan Necas about 4 years ago
- Related to Feature #26203: Allow provisioning hosts into FIPS mode added
#33
Updated by Ivan Necas about 4 years ago
- Related to Feature #26204: Allow provisioning hosts into FIPS mode added
#34
Updated by Ewoud Kohl van Wijngaarden about 4 years ago
Updated by - Related to Bug #26088: httpd fails to start after installing capsule in FIPS mode added