AlmaLinux OS 9 must use the TuxCare ESU repository.

STIG ID: ALMA-09-004310  |  SRG: SRG-OS-000033-GPOS-00014 |  Severity: high |  CCI: CCI-000068,CCI-000877,CCI-002450 |  Vulnerability Id: V-269125

Vulnerability Discussion

FIPS 140-3-validated packages are available from TuxCare.

The TuxCare repositories provide the packages and updates not found in the community repositories.

Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPOS-00176, SRG-OS-000478-GPOS-00223

Check

Verify that AlmaLinux OS 9 is using the TuxCare ESU repositories with the following command:

$ dnf repolist | grep tuxcare
tuxcare-base TuxCare Enterprise Support for AlmaLinux 9.2 - Base
tuxcare-esu TuxCare Enterprise Support for AlmaLinux 9.2 - ESU
tuxcare-radar TuxCare Radar

If the tuxcare-esu repository is not enabled, this is a finding.

Fix

FIPS-validated packages are available from TuxCare as part of the Enterprise Support for AlmaLinux product line. Access the packages by purchasing an ESU license key.

Configure the operating system to implement FIPS mode with the following commands (replace 9.2 with 9.6 if using that version of ESU):

$ dnf -y install https://repo.tuxcare.com/tuxcare/tuxcare-release-latest-9.2.noarch.rpm
$ tuxctl --license-key ESU-XXXXXXXXXXXXXXXXXXX
$ dnf -y upgrade
$ fips-mode-setup --enable
$ reboot
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.