Installing haveged
MFT Server instances running on headless environments (namely Linux, CentOS, Ubunta) may suffer from slow-startup time due to entropy issues when using FIPS libraries. It is for this reason that FIPS related libraries were placed in a separate directory rather than including them in the default "libs" directory. A work-around for this slow-startup issue is to install Haveged to ensure that the entropy pool is more quickly populated in a headless environment. The following sections outline the steps for installing haveged in Debian-based and Red Hat-based Linux distros.
Red Hat (e.g. RHEL, Fedora, CentOS)
Note: Certain Red Hat-distros, like RHEL or CentOS, will require you to Adding the EPEL repository (for RHEL and CentOS) before you can install haveged through yum. Other Red Hat-based distros (e.g. Fedora) don't have this requirement.
-
Install haveged by running this command:
yum install haveged -
To start haveged automatically upon server boot up, run this command:
chkconfig haveged on -
Reboot your Linux server
Debian (e.g. Ubuntu, Knoppix, Linux Mint)
-
Install haveged by running this command:
apt-get install haveged -
Open the file
/etc/default/havegedand make sure that the following setting is present and not commented.DAEMON_ARGS="-w 1024" -
To start haveged automatically upon server boot up, run this command:
update-rc.d haveged defaults
Adding the EPEL repository (for RHEL and CentOS)
-
Create a temporary directory where you will store the EPEL repository rpm file by executing the mkdir command:
e.g.
mkdir downloads -
Navigate into that newly created directory and then download the EPEL repository rpm file by running this command (This will download EL7):
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -
Execute this command to install the newly downloaded rpm package:
sudo yum install epel-release-latest-7.noarch.rpm
Once the installation completes, you should be ready to install haveged.