Detections
Analytics
ALMA-09-004320 - AlmaLinux OS 9 must use the TuxCare FIPS packages and not the default encryption packages.
Information
FIPS 140-3-validated packages are available from TuxCare here: https://tuxcare.com/fips-for-almalinux/The original community packages must be replaced with the versions that have gone through the CMVP.
Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000478-GPOS-00223, SRG-OS-000396-GPOS-00176, SRG-OS-000125-GPOS-00065
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Ensure FIPS-validated packages are in use instead of OS defaults using the following commands:$ dnf -y upgrade
$ reboot
After rebooting into a FIPS kernel, remove the OS default kernel packages, using for example:
$ dnf remove kernel-5.14.0-284.11.1.el9_2.x86_64 kernel-5.14.0-284.30.1.el9_2.x86_64
$ dnf autoremove
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CL_AlmaLinux_OS_9_V1R6_STIG.zip
Item Details
Audit Name: DISA Cloud Linux AlmaLinux OS 9 STIG v1r6
Category: ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|AC-17(2), 800-53|MA-4c., 800-53|SC-13, CAT|I, CCI|CCI-000068, CCI|CCI-000877, CCI|CCI-002450, Rule-ID|SV-269126r1107617_rule, STIG-ID|ALMA-09-004320, Vuln-ID|V-269126
Plugin: Unix
Control ID: d1f4da2b98043db00ac4168b73acc91d7fb31ea366fe97ff104e74e0ddd12f2e