Check: OL08-00-010473
Oracle Linux 8 STIG:
OL08-00-010473
(in version v1 r9)
Title
OL 8 must enable the hardware random number generator entropy gatherer service. (Cat III impact)
Discussion
The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict. Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems. The rngd service feeds random data from hardware device to kernel random device. Quality (nonpredictable) random number generation is important for several security functions (i.e., ciphers).
Check Content
Note: For OL versions 8.4 and above running with kernel FIPS mode enabled as specified by OL08-00-010020, this requirement is Not Applicable. Check that OL 8 has enabled the hardware random number generator entropy gatherer service. Verify the rngd service is enabled and active with the following commands: $ sudo systemctl is-enabled rngd enabled $ sudo systemctl is-active rngd active If the service is not "enabled" and "active", this is a finding.
Fix Text
Start the rngd service and enable it with the following commands: $ sudo systemctl start rngd.service $ sudo systemctl enable rngd.service
Additional Identifiers
Rule ID: SV-248599r943105_rule
Vulnerability ID: V-248599
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |