You can enable FIPS mode to ensure that a Linux sensor can only communicate with a backend in compliance with FIPS standards.

Prerequisites

Before you can enable FIPS compliance, you must enable disk encryption on the endpoint.

Important: The Linux Sensor only supports FIPS on endpoints using RHEL.
  1. Open a shell terminal with root privileges.
  2. To install the dracut-fips package, run the following command:
    $ yum install -y dracut-fips
  3. Back up the initramfs file.
  4. To recreate an initramfs image, run the following command:
    $ dracut -f
  5. To modify the kernel command-line arguments, run the following commands:
    $ grubby --update-kernel=$(grubby --default-kernel) --args=fips=1
    $ uuid=$(findmnt -no uuid /boot)
    $ [[ -n $uuid ]] && grubby --update-kernel=$(grubby --default-kernel) --args=boot=UUID=${uuid}
  6. To reboot your machine, run the following command:
    $ reboot
  7. To verify that FIPS mode is enabled on the endpoint, run the following command. An output value of 1 means enabled; 0 means disabled.
    $ sysctl crypto.fips_enabled
  8. To put libraries in place, install a FIPS-validated module.
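
The kernel arguments set in step 5 and the runtime flag read in step 7 can be cross-checked together after the reboot. The script below is an added example, not part of the product documentation or of RHEL; the helper name check_fips_state, the --live switch and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check_fips_state is a hypothetical helper, not part of the
# sensor or of RHEL. It cross-checks the kernel arguments set in step 5
# against the runtime flag read in step 7.

# Constructed sample values (not taken from a real endpoint).
SAMPLE_BOOT_UUID='1111aaaa-22bb-33cc-44dd-555555eeeeee'
SAMPLE_CMDLINE="BOOT_IMAGE=/vmlinuz ro quiet fips=1 boot=UUID=$SAMPLE_BOOT_UUID"

# check_fips_state <kernel cmdline> <fips_enabled value> <UUID of /boot, or empty>
# Prints one line per failed check; returns 0 only if all checks pass.
check_fips_state() {
    local cmdline enabled boot_uuid rc
    cmdline=$1; enabled=$2; boot_uuid=$3; rc=0

    # fips=1 must be present as a whole kernel argument.
    case " $cmdline " in
        *" fips=1 "*) ;;
        *) echo "FAIL: fips=1 missing from kernel command line"; rc=1 ;;
    esac

    # Step 5 adds boot=UUID=<uuid> only when findmnt reports a UUID for /boot,
    # so the argument is required only in that case.
    if [ -n "$boot_uuid" ]; then
        case " $cmdline " in
            *" boot=UUID=${boot_uuid} "*) ;;
            *) echo "FAIL: boot=UUID=$boot_uuid missing from kernel command line"; rc=1 ;;
        esac
    fi

    # Runtime flag, the same value that sysctl crypto.fips_enabled reports.
    if [ "$enabled" != "1" ]; then
        echo "FAIL: crypto.fips_enabled is $enabled, expected 1"; rc=1
    fi
    return "$rc"
}

# Check the running endpoint only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    check_fips_state "$(cat /proc/cmdline)" \
        "$(cat /proc/sys/crypto/fips_enabled)" \
        "$(findmnt -no uuid /boot)"
fi
```

A non-zero exit status with no fips=1 failure but a crypto.fips_enabled failure points at a reboot that has not happened yet or an initramfs that was not regenerated in step 4.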