{{{ oval_metadata("Check if FIPS mode is enabled on the system", rule_title=rule_title) }}} {{% if bootable_containers_supported == "true" %}} {{%- if product not in ["rhel10", "rhel9"] -%}} {{%- endif -%}} {{% endif %}} {{% if bootable_containers_supported == "true" %}} {{% endif %}} {{%- if product not in ["rhel10", "rhel9"] -%}} {{%- endif -%}} {{% if "ol" in families or "rhel" in product %}} {{% if product in ["ol8", "rhel8"] %}} {{% else %}} {{% endif %}} {{% endif %}} {{% if bootable_containers_supported == "true" %}} {{% endif %}} /usr/lib/bootc/kargs.d/ ^.*\.toml$ ^kargs[\s]*=[\s]*\[([^\]]+)\]$ 1 ^.*"[\s]*fips[\s]*=[\s]*1[\s]*".*$ ^/boot/loader/entries/.*.conf ^options (.*)$ 1 ^(?:.*\s)?fips=1(?:\s.*)?$ var_system_crypto_policy {{% if product in ["ol9","rhel9","rhel10","fedora"] -%}} ^FIPS(:(OSPP|STIG))?$ {{%- else %}} {{# Legacy and more relaxed list of crypto policies that were historically considered FIPS-compatible. More recent products should use the more restricted list of options #}} ^FIPS(:(OSPP|NO-SHA1|NO-CAMELLIA|STIG))?$ {{%- endif %}} {{% if product in ["ol8","rhel8"] %}} /boot/grub2/grubenv fips=1 1 {{% endif %}} /proc/sys/crypto/fips_enabled ^1$ 1