Enabling FIPS Mode on the ArcSight Database Server

This step is needed only if your environment requires FIPS.

To enable the FIPS mode for the ArcSight database, you must configure the operating system to FIPS mode.

Note: Some of the following steps are performed in a single node (ArcSightDatabase node1), while some are performed in all nodes. For clarity, when not specified, the step must be executed only on ArcSightDatabase node1.
If you're performing an upgrade, you can perform the procedure below starting from step 1. If you're performing a fresh install, please proceed to step 5 of the procedure.
  1. Log in to ArcSight Database node1.

  2. Navigate to the /opt/arcsight-db-tools directory.

  3. Stop data ingestion:

    ./kafka_scheduler stop
  4. Stop the database:

    ./db_installer stop-db
  5. Run the following commands (to be performed in all nodes):

    fips-mode-setup --enable 
    
    reboot
  6. To verify whether FIPS mode is enabled on the server, run the following command (to be performed in all nodes):

    /usr/bin/fips-mode-setup --check
    

    In case the above command fails, you can verify with these alternative commands:

    sysctl crypto.fips_enabled
    cat /proc/sys/crypto/fips_enabled
  7. Run the following command (to be performed in all nodes):

    rm /opt/vertica/lib/libcrypto.* /opt/vertica/lib/libssl.*

    This command in the database nodes will generate a verification prompt for the deletion of each folder. Enter a "y" to agree, and then hit enter.

  8. Verify that the Zulu8 RPM package is installed using the following command. 

    rpm -qa | grep zulu

    The command will return an empty message if Zulu8 is not installed, but will return the filename of the Zulu8 package if installed. If Zulu8 is already installed, skip to Step 11.

  9. (Conditional) If Step 8 returns an empty message, then determine the latest Zulu8 package on the Azul web site (www.azul.com) for Java8 and your OS. Download the file using this command:

    wget <Zulu8 download URL>
    
  10. (Conditional) Install the Zulu8 file that you downloaded by running the following command on each node:

    rpm --nodigest --nofiledigest -i <Zulu8 filename>
  1. Restart the ArcSight database:

    ./db_installer start-db
  2. Restart data ingestion:

    ./kafka_scheduler start

Disabling FIPS Mode

To disable FIPS mode, run the following commands on each ArcSight database node.

fips-mode-setup --disable
reboot