Enable the Hardware RNG Entropy Gatherer Service

Description

The Hardware RNG Entropy Gatherer service should be enabled. The rngd service can be enabled with the following manifest:

---
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: master
  name: 75-master-rngd-enable
spec:
  config:
    ignition:
      version: 3.1.0
    systemd:
      units:
      - name: rngd.service
        enabled: true

This will enable the rngd service in all the nodes labeled with the "master" role.

Note that this needs to be done for each MachineConfigPool

For more information on how to configure nodes with the Machine Config Operator see the relevant documentation.

Rationale

The rngd service feeds random data from hardware device to kernel random device.

ID: xccdf_org.ssgproject.content_rule_service_rngd_enabled
Severity: Low
References: CCI-000366

FCS_RBG_EXT.1

SRG-OS-000480-GPOS-00227

CCE-82535-6
Updated: about 1 year ago