Enabling FIPS Mode on the Database Server

To enable FIPS mode for the database, you must configure the operating system to run in FIPS mode.

Note: Some of the following steps are performed on a single node (ArcSight Database node1), while others are performed on all nodes. Unless a step says otherwise, run it only on ArcSight Database node1.

  1. Log in to database node1.

  2. Navigate to the /opt/arcsight-db-tools directory.

  3. Stop data ingestion:

    ./kafka_scheduler stop
  4. Stop the database:

    ./db_installer stop-db
  5. Run the following commands (to be performed on all nodes):

    fips-mode-setup --enable

    reboot
  6. To verify that FIPS mode is enabled on the server, run the following command (to be performed on all nodes):

    /usr/bin/fips-mode-setup --check

    If the command above fails, verify with these alternative commands, which report 1 when FIPS mode is enabled:

    sysctl crypto.fips_enabled
    cat /proc/sys/crypto/fips_enabled
  7. Run the following command (to be performed on all nodes):

    rm /opt/vertica/lib/libcrypto.* /opt/vertica/lib/libssl.*

    On the database nodes, this command prompts for confirmation before deleting each file. Enter "y" to confirm, and then press Enter.

  8. Verify that the Zulu8 RPM package is installed by using the following command. The command returns no output if Zulu8 is not installed, and returns the filename of the Zulu8 package if it is installed. If Zulu8 is already installed, skip to Step 11.

    rpm -qa | grep zulu
  9. (Conditional) If Step 8 returns no output, find the latest Zulu8 package for Java 8 and your OS on the Azul website (www.azul.com). Download the file using this command:

    wget <Zulu8 download URL>
  10. (Conditional) Install the Zulu8 file that you downloaded by running the following command on each node:

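    rpm --nodigest --nofiledigest -i <Zulu8 filename>

    Note: The --nodigest and --nofiledigest options make rpm skip its package and file digest checks for this install.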
  11. Restart the database:

    ./db_installer start-db
  12. Restart data ingestion:

    ./kafka_scheduler start
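
The per-node checks from steps 6 to 8 can be collected into one read-only script that is run on every node after the reboot. This is an added example, not part of the original procedure or the product's tooling; the function names, the `--run` argument and the script name `check_fips_node.sh` are hypothetical, and the script only reads state.

```shell
#!/bin/sh
# Added example (not product tooling): read-only per-node checks for steps 6, 7 and 8.
# Every path is a parameter so the functions can be run against constructed files.

# Step 6: print enabled/disabled/unknown from the kernel FIPS flag file.
fips_state() (
    f="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$f" ] || { echo unknown; exit 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
)

# Step 7: list bundled libcrypto.* / libssl.* files that are still present.
leftover_crypto_libs() (
    dir="${1:-/opt/vertica/lib}"
    for f in "$dir"/libcrypto.* "$dir"/libssl.*; do
        if [ -e "$f" ]; then echo "$f"; fi
    done
)

# Step 8: filter a package list on stdin (such as `rpm -qa` output) for Zulu.
zulu_packages() { grep zulu || true; }

# Run all three checks and return non-zero if any of them fails.
# $1 = FIPS flag file, $2 = library directory, $3 = file holding a package
# list; when $3 is omitted, `rpm -qa` is queried instead.
check_node() (
    rc=0
    state=$(fips_state "${1:-/proc/sys/crypto/fips_enabled}")
    echo "FIPS flag: $state"
    [ "$state" = enabled ] || rc=1
    left=$(leftover_crypto_libs "${2:-/opt/vertica/lib}")
    if [ -n "$left" ]; then echo "Bundled libraries still present:"; echo "$left"; rc=1; fi
    if [ -n "${3:-}" ]; then
        pkgs=$(zulu_packages < "$3")
    else
        pkgs=$(rpm -qa 2>/dev/null | zulu_packages)
    fi
    if [ -n "$pkgs" ]; then echo "Zulu: $pkgs"; else echo "Zulu: not installed"; rc=1; fi
    exit "$rc"
)

# Hypothetical invocation on a node: sh check_fips_node.sh --run
if [ "${1:-}" = "--run" ]; then check_node; fi
```

A non-zero exit status on any node means that node has not completed steps 5 to 10.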

Disabling FIPS Mode

To disable FIPS mode, run the following commands on each database node.

    fips-mode-setup --disable
    reboot