Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/acardace/fips-detect
Detect whether your system/container and your Golang binary are ready to run in FIPS mode.
containers fips golang openssl
- Host: GitHub
- URL: https://github.com/acardace/fips-detect
- Owner: acardace
- License: apache-2.0
- Created: 2021-06-11T08:12:32.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2023-03-09T08:34:06.000Z (over 1 year ago)
- Last Synced: 2024-06-19T19:40:26.628Z (5 months ago)
- Topics: containers, fips, golang, openssl
- Language: Go
- Homepage:
- Size: 1.56 MB
- Stars: 9
- Watchers: 1
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# fips-detect
Detect whether your system/container and your Golang binary are ready to run in FIPS mode.
# How it works
**fips-detect** runs a few checks on the running system and the supplied binary to see whether everything is in place to run correctly in FIPS mode\*:
- Checks whether `/proc/sys/crypto/fips_enabled` is `1`.
- Looks inside `/usr/lib[64]` and `/lib[64]` for an OpenSSL `libcrypto.so` that is FIPS-capable.
- Checks whether the ELF binary has undefined references to FIPS symbols in `libcrypto.so` (which means it was compiled with [Red Hat's Go toolset] or that it's using goboring).

\*The correct definition is actually: whether the binary has everything it needs to run using a FIPS-capable cryptographic module.
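
The kernel-flag check and the ELF undefined-symbol check described above, sketched as an added Go example (not fips-detect's own code). The function names are hypothetical, and matching on a `FIPS_` prefix is an assumed heuristic based on OpenSSL names such as `FIPS_mode`, not the tool's actual symbol list.

```go
package main

import (
	"debug/elf"
	"fmt"
	"os"
	"strings"
)

// kernelFIPSEnabled interprets the contents of /proc/sys/crypto/fips_enabled.
func kernelFIPSEnabled(contents string) bool {
	return strings.TrimSpace(contents) == "1"
}

// fipsSymbols keeps the names that start with "FIPS_" (assumed heuristic,
// e.g. OpenSSL's FIPS_mode; not the symbol list fips-detect itself uses).
func fipsSymbols(names []string) []string {
	var out []string
	for _, n := range names {
		if strings.HasPrefix(n, "FIPS_") {
			out = append(out, n)
		}
	}
	return out
}

// importedSymbolNames lists the undefined dynamic symbols of an ELF file,
// i.e. those the dynamic linker must resolve from shared libraries.
func importedSymbolNames(path string) ([]string, error) {
	f, err := elf.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	syms, err := f.ImportedSymbols() // errors if there is no dynamic symbol table
	names := make([]string, 0, len(syms))
	for _, s := range syms {
		names = append(names, s.Name)
	}
	return names, err
}

func main() {
	raw, _ := os.ReadFile("/proc/sys/crypto/fips_enabled")
	fmt.Println("kernel FIPS mode:", kernelFIPSEnabled(string(raw)))
	if len(os.Args) > 1 {
		names, err := importedSymbolNames(os.Args[1])
		fmt.Println("FIPS imports:", fipsSymbols(names), "error:", err)
	}
}
```

An empty result for a binary means only that no `FIPS_`-prefixed import was found; a statically linked Go binary has no dynamic imports to inspect at all.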
# Install
Just `go get github.com/acardace/fips-detect`.
Run `go build fips-detect.go`
# Usage
Run `./fips-detect `
[Red Hat's Go toolset]: https://developers.redhat.com/blog/2019/06/24/go-and-fips-140-2-on-red-hat-enterprise-linux