HP AE370A HP StorageWorks Fabric OS 6.x administrator guide (5697-0015, May 20 - Page 130

loading kernel . . . kjournald starting. Commit interval 5 seconds EXT3-fs: mounted filesystem with ordered data mode. VFS: Mounted root (ext3 filesystem) readonly. Trying to move old root to /initrd ... okay Freeing unused kernel memory: 108k init INIT: version 2.78 booting sh-2.04# 5. On all platforms, from the shell prompt, enter the following commands: mount -o remount,rw,noatime / mount /dev/hda2 /mnt 6. Verify the FIPS configuration by typing the following at the command prompt: /fabos/abin/fipscfg --showall 7. If FIPS mode is 'Enabled', reset it by typing the following at the command prompt: /fabos/abin/fipscfg --disable fips 8. If Selftests mode is Enabled/None or Enabled/Pass or Enabled/Failed, reset it by typing the following at the command prompt: fipscfg --disable selftests 9. Reboot the active system by typing the reboot command. 10. Login to the switch or Active CP as admin or securityAdmin, and verify that the FIPS and SELFTESTS modes have been reset by typing the fipscfg --showall command. 11. On dual CP systems, reboot the standby CP and ensure that the system comes up. FIPS mode By default, the switch will come up non-FIPS mode. You can run the command fipscfg --enable, to enable FIPS mode. Self-tests mode needs to be enabled, before FIPS mode can be enabled. A set of pre-requisites as mentioned in the table below needs to be satisfied for the system to enter FIPS mode. See the Fabric OS Command Reference Manual for additional FIPS related commands. To be FIPS-compliant, the switch needs to be rebooted. KATs will be run on the reboot. If the KATs are successful, the switch will enter FIPS mode. If KATs fail, then the switch will reboot until the KATs succeed. You will need to access the switch in single-user mode to break the reboot cycle. Only FIPS compliant algorithms will be run at this stage. Table 41 FIPS mode restrictions Features FIPS mode Non-FIPS mode Root account Telnet/SSH access SSH algorithms HTTP/HTTPS access HTTPS protocol/algorithms RPC/secure RPC access Secure RPC protocols SNMP Disabled Only SSH HMAC-SHA1 (mac) 3DES-CBC, AES128-CBC, AES192-CBC, AES256-CBC (cipher suites) HTTPS only TLS/AES128 cipher suite Secure RPC only TLS - AES128 cipher suite Read-only operations Enabled Telnet and SSH No restrictions HTTP and HTTPS TLS/AES128 cipher suite (SSL will no longer be supported) RPC and secure RPC SSL and TLS - all cipher suites Read and write operations 130 Configuring advanced security features