Adjust FIPS enable_fips_mode for RHEL 10

[Mab879]

Description:

Adjust FIPS enable_fips_mode for RHEL 10

Rationale:

Fixes #12405

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

OVAL for rule 'xccdf_org.ssgproject.content_rule_enable_fips_mode' differs.
--- oval:ssg-enable_fips_mode:def:1
+++ oval:ssg-enable_fips_mode:def:1
@@ -1,5 +1,5 @@
 criteria AND
-extend_definition oval:ssg-etc_system_fips_exists:def:1
+criterion oval:ssg-test_proc_sys_crypto_fips_enabled:tst:1
 extend_definition oval:ssg-sysctl_crypto_fips_enabled:def:1
 extend_definition oval:ssg-enable_dracut_fips_module:def:1
 extend_definition oval:ssg-configure_crypto_policy:def:1

[github-actions]

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:12414
This image was built from commit: 4be6192

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:12414

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:12414 make deploy-local

[jan-cerny]

Should the check for /proc/sys be used on all systems? Isn't it only for RHEL 10? And should the /etc/system-fips be checked on RHEL 10 if it's deprecated?

[Mab879]

The /proc/sys/crypto/fips_enabled does exist on RHEL 7. I will just use it everywhere.

[codeclimate]

Code Climate has analyzed commit 4be6192 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.5% (0.0% change).

View more on Code Climate.