Feature #3511
closed
As a security person, I would like Foreman to run in FIPS mode
Added by Anonymous over 10 years ago. Updated almost 6 years ago.
Updated by Anonymous over 10 years ago
- setup foreman, smart_proxy, and puppet in FIPS mode
- see what breaks
Updated by Eric Helms almost 9 years ago
- Related to Feature #5313: FIPS compliancy added
Updated by Dominic Cleal over 8 years ago
- Has duplicate Bug #12314: Foreman does not work with FIPS enabled added
Updated by Dominic Cleal over 8 years ago
Linked ticket #12314 has some specifics.
Updated by Trevor Vaughan over 8 years ago
Just wanted to make a note that a lot of the issue here may be that ActiveRecord does not support FIPS mode due to the explicit use of MD5.
Relevant Search: https://github.com/rails/rails/search?utf8=%E2%9C%93&q=md5
Updated by Anonymous over 6 years ago
Please see https://groups.google.com/forum/#!topic/foreman-dev/CZFAY5FQl80 for the discussion of potential approaches.
Updated by James Shewey over 6 years ago
- Subject changed from As a securiyt person, I would like Foreman to run in FIPS mode to As a security person, I would like Foreman to run in FIPS mode
I have opened https://github.com/rails/rails/issues/31203 upstream for this issue. Meanwhile, it appears that forman uses Digest::MD5 in the following places:
./migrate/20140912113254_add_password_hash_to_operatingsystem.rb
./migrate/20150428110835_change_os_default_password_hash.rb
./app/controllers/api/v1/operatingsystems_controller.rb
./app/controllers/api/v2/operatingsystems_controller.rb
./app/helpers/unattended_helper.rb
./app/helpers/application_helper.rb
./app/models/setting/email.rb
./app/services/password_crypt.rb
./app/views/unattended/provisioning_templates/snippet/_bmc_nic_setup.erb
https://github.com/theforeman/foreman/search?utf8=%E2%9C%93&q=md5&type=
Updated by Anonymous over 6 years ago
- Related to Feature #21748: Replace crypto- and hash-functions unapproved by FIPS with FIPS-approved ones added
Updated by Anonymous over 6 years ago
- Related to Feature #21749: Create CI environment with FIPS enabled added
Updated by Anonymous over 6 years ago
- Related to Feature #21750: Investigate Rails caching with FIPS enabled added
Updated by Anonymous over 6 years ago
- Related to Feature #21751: Investigate interoperability with Salt with FIPS enabled added
Updated by Anonymous over 6 years ago
- Related to Feature #21752: Investigate interoperability with BMC/IPMI with FIPS enabled added
Updated by Anonymous over 6 years ago
- Related to Feature #21753: Introduce verification of 3rd-party ssl certificates for FIPS-approved hash functions added
Updated by Anonymous over 6 years ago
- Related to Feature #21754: Investigate interoperability with Puppet with FIPS enabled added
Updated by Anonymous over 6 years ago
- Related to Feature #21755: Update dhcpd puppet module to use FIPS-approved hash function for omapi shared secret added
Updated by Anonymous over 6 years ago
- Related to Feature #21756: Update bind puppet module to use FIPS-approved hash function for dhcpd shared secret added
Updated by Anonymous over 6 years ago
Email thread with FIPS support discussion: https://groups.google.com/forum/#!search/foreman-dev/foreman-dev/CZFAY5FQl80/Ylxy-I7bBQAJ
Updated by Anonymous over 6 years ago
- Related to Feature #21875: Add support for sha512 grub passwords to provisioning templates added
Updated by Ivan Necas over 6 years ago
- Blocked by Bug #22583: Replace MD5 by SHA1 for apipie cache checksum added
Updated by Ivan Necas over 6 years ago
- Blocked by Bug #23128: Deface uses MD5 and doesn't work in FIPS-enable environment added
Updated by Peter Ondrejka over 6 years ago
- Blocked by Bug #23130: unable to install theforeman-foreman_scap_client in FIPS-enabled environment added
Updated by Peter Ondrejka about 6 years ago
- Blocked by Bug #23312: angular-rails-templates uses MD5 causing problems FIPS-enabled envrionments added
Updated by Peter Ondrejka about 6 years ago
- Related to Bug #23363: Katello uses md5hash function incompatible with FIPS-enabled environments added
Updated by Anonymous about 6 years ago
- Blocked by Tracker #21834: Rails 5.2 upgrade tasks added
Updated by Peter Ondrejka almost 6 years ago
- Related to Bug #24732: FIPS Scheduled synchronization task ends with PG::UniqueViolation: ERROR: duplicate key value violates unique constraint "index_katello_repository_rpms_on_rpm_id_and_repository_id" added
Updated by Peter Ondrejka almost 6 years ago
- Related to Bug #24889: Docker repository sync on FIPS system fails with TypeError: can't quote ActiveSupport::HashWithIndifferentAccess added
Updated by Ivan Necas almost 6 years ago
- Blocked by Feature #22119: Replace MD5 hashes with SHA added
Updated by Ivan Necas almost 6 years ago
Anyone with permissions, could you switch status on this to closed, as we're not aware of anything else right now to address, and things should just work(TM) in 1.20
Updated by Anonymous almost 6 years ago
- Status changed from New to Resolved
- Fixed in Releases 1.20.0 added
The rest is related mainly to plugins.
Updated by Ondřej Pražák over 5 years ago
- Blocked by Bug #25447: Unable to create puppet certificate request from RHEL5 with fips enabled added
Updated by Ivan Necas over 5 years ago
- Related to Bug #24974: The kafo configure is generating incorrect 'foreman-proxy-client-bundle.pem' which is not allowing httpd service to start added
Updated by Ivan Necas over 5 years ago
- Related to Feature #26203: Allow provisioning hosts into FIPS mode added
Updated by Ivan Necas over 5 years ago
- Related to Feature #26204: Allow provisioning hosts into FIPS mode added
Updated by Ewoud Kohl van Wijngaarden over 5 years ago
- Related to Bug #26088: httpd fails to start after installing capsule in FIPS mode added