AlmaLinux OS 9 must enable the hardware random number generator entropy gatherer service.

STIG ID: ALMA-09-024550  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-269297

Vulnerability Discussion

The most important characteristic of a random number generator is its randomness, specifically its ability to deliver random numbers that are impossible to predict. Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems.

The rngd service feeds random data from hardware device to kernel random device. Quality (nonpredictable) random number generation is important for several security functions (i.e., ciphers).

Check

Note: For AlmaLinux OS 9 systems running with FIPS mode enabled, this requirement is Not Applicable.

Verify that AlmaLinux OS 9 has enabled the hardware random number generator entropy gatherer service with the following command:

$ systemctl is-active rngd

active

If the "rngd" service is not active, this is a finding.

Fix

Install the rng-tools package with the following command:

$ dnf install rng-tools

Then enable the rngd service run the following command:

$ systemctl enable --now rngd
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.