node_exporter icon indicating copy to clipboard operation
node_exporter copied to clipboard

Published 20 hours ago verified publisher icon prometheus

Added fips collector for exposing fips_enabled status

Open adidiborg opened this issue 3 years ago • 2 comments

Hi @SuperQ @discordianfish

Add a fips collector to expose if fips is enabled or not. To check fips is enabled or not can be done by

[root@localhost ~]# cat /proc/sys/crypto/fips_enabled
0
[root@localhost ~]#

Federal Information Processing Standards (FIPS) is used to verify compliance with FIPS 140-2 security requirements for cryptographic modules.

# HELP node_fips_status FIPS status (0-disabled/1-enabled) from /proc/sys/crypto/fips_enabled.
# TYPE node_fips_status gauge
node_fips_status 0

Have kept fips collector Disabled by default.

Signed-off-by: Aditya Borgaonkar [email protected]

adidiborg avatar Mar 11 '22 09:03 adidiborg

@discordianfish , So in /proc/sys/crypto dir there is only fips_enabled file. In that case, Do I need to create similar collector in https://github.com/prometheus/procfs and it will be synced in this repository?

adidiborg avatar Mar 23 '22 12:03 adidiborg

@adityaborgaonkar Yes, add the parsing to procfs and after merging it you can bump the procfs dependency in go.mod here

discordianfish avatar Mar 26 '22 10:03 discordianfish