Fedora
Z Varhoo
(Rozdíly mezi verzemi)
(→Fedora 16) |
(→enable FIPS) |
||
(Není zobrazena 1 mezilehlá verze od 1 uživatele.) | |||
Řádka 25: | Řádka 25: | ||
sudo yum provide /*kinit |
sudo yum provide /*kinit |
||
+ | |||
+ | == enable FIPS == |
||
+ | |||
+ | How to enable FIPS on RHEL/Fedora |
||
+ | |||
+ | killall prelink |
||
+ | sed -i 's/PRELINKING=.*/PRELINKING=no/g' /etc/sysconfig/prelink |
||
+ | prelink -u -a |
||
+ | echo 'OPENSSL_ENFORCE_MODULUS_BITS=true' >> /etc/environment |
||
+ | echo 'export OPENSSL_ENFORCE_MODULUS_BITS=true' > /etc/profile.d/openssl.sh |
||
+ | chmod +x /etc/profile.d/openssl.sh |
||
+ | echo 'setenv OPENSSL_ENFORCE_MODULUS_BITS true' > /etc/profile.d/openssl.csh |
||
+ | chmod +x /etc/profile.d/openssl.csh |
||
+ | yum install dracut-fips -y |
||
+ | yum remove -y dracut-fips-aesni |
||
+ | dracut -f |
||
+ | sed -i --follow-symlinks 's/ fips=[01]/ /g' /boot/grub/grub.conf |
||
+ | |||
+ | set fips=1 for file /boot/grub/grub.conf |
||
+ | |||
+ | reboot |
||
+ | |||
+ | Check if fips works |
||
+ | |||
+ | cat /proc/sys/crypto/fips_enabled |
||
+ | |||
+ | od you can run some script that used md5 method from hashlib |
||
+ | |||
+ | # python -c "import hashlib; hashlib.md5()" |
||
+ | Traceback (most recent call last): |
||
+ | File "<string>", line 1, in <module> |
||
+ | ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips |
Aktuální verze z 20. 1. 2015, 14:11
[editovat] Fedora 16
Další odkazy
- VMware - virtualizace
Instalace javy do Fedory 16
Použití třeba pro mojibanka od Komerční banky
# yum install icedtea-web.x86_64 # rpm -ql icedtea-web-1.1.4-4.fc16.x86_64
nutné ještě nalinkovat soubor "/usr/lib64/IcedTeaPlugin.so" do svého domovského adresáře
# cd ~/.mozilla/plugins # ln -s /usr/lib64/IcedTeaPlugin.so
[editovat] Práce s YUMem
Vyhledání balíčku podle příkazu ke spuštění
sudo yum provide /*<name of program>
příklad
sudo yum provide /*kinit
[editovat] enable FIPS
How to enable FIPS on RHEL/Fedora
killall prelink sed -i 's/PRELINKING=.*/PRELINKING=no/g' /etc/sysconfig/prelink prelink -u -a echo 'OPENSSL_ENFORCE_MODULUS_BITS=true' >> /etc/environment echo 'export OPENSSL_ENFORCE_MODULUS_BITS=true' > /etc/profile.d/openssl.sh chmod +x /etc/profile.d/openssl.sh echo 'setenv OPENSSL_ENFORCE_MODULUS_BITS true' > /etc/profile.d/openssl.csh chmod +x /etc/profile.d/openssl.csh yum install dracut-fips -y yum remove -y dracut-fips-aesni dracut -f sed -i --follow-symlinks 's/ fips=[01]/ /g' /boot/grub/grub.conf set fips=1 for file /boot/grub/grub.conf
reboot
Check if fips works
cat /proc/sys/crypto/fips_enabled
od you can run some script that used md5 method from hashlib
# python -c "import hashlib; hashlib.md5()" Traceback (most recent call last): File "<string>", line 1, in <module> ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips