When was FIPS Enabled? RHEL 7

Latest response

In RHEL 7, Is there an indicator that shows if FIPS was enabled during the build or after?


I'm afraid I don't understand what do you mean by the "build", could you elaborate?

You can check that FIPS mode is currently enabled on a RHEL 7 system moment by issuing the following commands: * cat /proc/sys/crypto/fips_enabled (should output 1) * ls /etc/fips-enabled (should output /etc/fips-enabled)

If you need to pinpoint the moment of time when a RHEL 7 system was switched to FIPS mode, and you have past boot logs at hand, you can try to check for the first presence of cryptographic algorithm self-test notifications, or for the first presence of the fips=1 kernel parameter in the cmdline. 'Birthtime' of /etc/fips-enabled as output by stat /etc/fips-enabled might give you a clue of where to start the said search.

Hope that helps.