Bug ID 1352353: Remove integrity-check configurable option from CLI

Last Modified: Oct 21, 2024

Affected Product(s):
F5OS F5OS-A, F5OS-C(all modules)

Fixed In:
F5OS-A 1.8.0, F5OS-A 1.7.0

Opened: Sep 15, 2023

Severity: 3-Major

Symptoms

In F5OS systems, root and admin users are allowed to toggle the integrity-check option from the CLI. When in FIPS mode, integrity-check should always execute on system startup and when demanded. Since the integrity-check option is configurable, users can disable it which puts the integrity of the system at risk.

Impact

An admin or root user could access the CLI and disable integrity-check. This could replace files and packages which could impact the integrity of the system.

Conditions

The configurable integrity-check option is visible when the device is in FIPS mode.

Workaround

N/A

Fix Information

We have removed the enable/disable integrity-check option from the CLI.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips