FIPSCHECK(8)                       fipscheck                      FIPSCHECK(8)

NAME

       fipscheck - perform a FIPS-140-2 validation check of one or more files

SYNTAX

       fipscheck [-s <hmac-suffix>] file1 [file2 ...]

DESCRIPTION

       fipscheck performs a FIPS-140-2 validation of a file using a stored
       checksum of that file. The file containing the checksum value is first
       looked up in the /usr/lib{64,}/fipscheck directory; if it is not found
       there, it is searched for in the same directory as the file which
       is being checksummed.

       The checksum file must have '.' prepended and '.hmac' appended to the
       original file name. The '.' must not be prepended to the file names in
       the /usr/lib{64,}/fipscheck directory.

       If invoked correctly, the fipscheck command will not print anything to
       standard output or standard error and will set the return code based
       on the test result. A return code of 0 means the file passed the
       checksum test. A non-zero value means the checksum failed.

       The -s option specifies the suffix of the hmac file names. The
       default value .hmac is used when this option is not specified.

RETURN CODES

       fipscheck can return the following return codes:

       0 Checksum OK

       1 Checksum mismatch

       2 Missing filename

       3 Cannot open the checksum file

       4 Cannot read the file to be checksummed, or the checksum computation
       failed

       5 Memory allocation error

       10 and higher - Failure during self-checking the libfipscheck.so shared
       library

       20 and higher - Failure during self-checking the fipscheck binary

ENVIRONMENT VARIABLES

       If you set the environment variable FIPSCHECK_DEBUG to "error", all
       error messages are sent to stderr. Setting this variable to "syslog"
       will send all error messages to the syslog daemon.
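
Because fipscheck is silent and reports only through its exit status, the following added example (not part of fipscheck or its documentation) wraps it in a POSIX shell audit helper that names the documented return code and shows which checksum file was found. The function names and the FIPSCHECK override variable are hypothetical, and listing both /usr/lib64 and /usr/lib as candidates is an assumption.

```shell
#!/bin/sh
# Added example (not from the fipscheck project): audit wrapper for fipscheck(8).

# Print the checksum-file paths for file $1 in the documented lookup order.
# $2 is the suffix (default .hmac). Assumption: both /usr/lib64 and /usr/lib
# are listed; which of them a given build uses is not stated on the page.
hmac_candidates() {
    hc_name=$(basename -- "$1"); hc_dir=$(dirname -- "$1"); hc_sfx=${2:-.hmac}
    printf '%s\n' "/usr/lib64/fipscheck/$hc_name$hc_sfx" \
                  "/usr/lib/fipscheck/$hc_name$hc_sfx" \
                  "$hc_dir/.$hc_name$hc_sfx"   # leading '.' only beside the file
}

# Translate a return code into the meaning listed under RETURN CODES.
rc_meaning() {
    case $1 in
        0) echo "checksum OK" ;;
        1) echo "checksum mismatch" ;;
        2) echo "missing filename" ;;
        3) echo "cannot open the checksum file" ;;
        4) echo "cannot read the file, or checksum computation failed" ;;
        5) echo "memory allocation error" ;;
        126|127) echo "fipscheck could not be executed (shell status)" ;;
        *) if [ "$1" -ge 20 ]; then echo "self-check of the fipscheck binary failed"
           elif [ "$1" -ge 10 ]; then echo "self-check of libfipscheck.so failed"
           else echo "undocumented return code"; fi ;;
    esac
}

# Check every argument; print "<file>: rc=<n> (<meaning>)" and, on failure,
# the first checksum file that exists. Returns 1 if any file failed.
# FIPSCHECK (hypothetical variable) overrides the command name, e.g. for testing.
audit_files() {
    af_failed=0
    for af_file in "$@"; do
        af_rc=0
        FIPSCHECK_DEBUG=error "${FIPSCHECK:-fipscheck}" "$af_file" || af_rc=$?
        printf '%s: rc=%s (%s)\n' "$af_file" "$af_rc" "$(rc_meaning "$af_rc")"
        [ "$af_rc" -eq 0 ] && continue
        af_failed=1
        hmac_candidates "$af_file" | while IFS= read -r af_hmac; do
            if [ -e "$af_hmac" ]; then echo "  checksum file: $af_hmac"; break; fi
        done
    done
    return "$af_failed"
}

if [ "$#" -gt 0 ]; then audit_files "$@"; fi
```

A failing file with no "checksum file:" line under it means none of the candidate paths exists, which corresponds to return code 3.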

FIPS MODE

       A kernel compiled with CONFIG_CRYPTO_FIPS=y can be booted in FIPS mode
       by specifying fips=1 as a kernel parameter. If the /boot directory
       resides on a different partition, this needs to be specified as well,
       for example boot=/dev/sda2.

SEE ALSO

       fipshmac(8), fipscheck.h(3), https://fedorahosted.org/fipscheck/

AUTHOR

       Tomas Mraz <tmraz@redhat.com>.

       Man page by Paul Wouters <pwouters@redhat.com>

       Copyright 2008, 2012 Red Hat, Inc. All rights reserved.

       Redistribution and use in source and binary forms, with or without
       modification, are permitted provided that the following conditions are
       met:

       1. Redistributions of source code must retain the above copyright
       notice, this list of conditions and the following disclaimer.

       2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

fipscheck                       April 11, 2012                    FIPSCHECK(8)