FATAL FIPS SELFTEST FAILURE message on RMS ( CCS data collections )

book

Article ID: 156525

calendar_today

Updated On:

Products

Control Compliance Suite Unix Control Compliance Suite Windows

Issue/Introduction

FATAL FIPS SELFTEST FAILURE message on RMS ( CCS data collections )

\fips\fips.c(146): Open SSL internal Error, assertion failed: FATAL FIPS SELFTEST FAILURE

Cause

FIPS is enbled.

 Unix agent running does not have the latest rapid fires applied.

 Unix running in agentless mode does not require FIPS to be enabled.

Resolution

Run a query that lists the latest rapid fires.  Evaluate query results to verify there are no agents that have any rapid fires below rf10548.  If there are, apply the latest rapid fires to that agent if it is a fips enabled agent.

Version at least: 

FIPS enabled Unix AIX agent version:10.50.33.20100

FIPS enabled Unix RedHat agent version:10.50.33.20100

FIPS enabled Unix SuSe agent version:10.50.33.20100

FIPS enabled Unix SunOS-sparc-32 agent version:10.50.33.20100

FIPS enabled Unix SunOS-386-32 agent version:10.50.33.20100

FIPS enabled Unix HP-UX-ia64-64 (itanium) agent version:10.50.33.20100

FIPS enabled Unix HP-UX-pa-risc-32 agent version:10.50.33.20100

To enable/disable FIPS ;

To run the setfips.vbs utility

1 Go to the command prompt and connect to the directory <product installation directory>\Program Files\Symantec\RMS\Tools:

2 Execute the command, cscript setfips.vbs /e to enable the FIPS mode on the Information Server.

Note: Restart the RMS console after running this utility

Execute the command, cscript setfips.vbs /d  to disable  the FIPS mode on the Information Server.

This utility sets the FIPS mode ON and the UNIX agents can be queried using the new encryption mechanism.  Unix running in agentless mode does not require FIPS to be enabled.


Applies To

CCS version; 10.5.1

What was the latest PCU applied?

PCU 2012-1 --- Product Version: 10.50.530.20300 - applied update to 10.50.530.20400 to data collections.
Applied update to all MQE hosts and updated ECS to finish the 2012-2 update.

What version AIX hosts is this occurring on?

"AIX","6.1

Are you running Agentbased or agentless bv-Control for Unix agents? Agentless

AIX security essentials standard for AIX servers

Related enhancements of 2011-4 Updates
The 2012-1 Update contains the rolled-up enhancements of the 2011-4 Update.
Enhancements in Control Compliance Suite
The 2011-4 Update of Control Compliance Suite contains the following

 

Attachments

FIPS fatal error.bmp get_app