'\" t
.\"     Title: fipscheck
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: April 11, 2012
.\"    Manual: fipscheck
.\"    Source: fipscheck
.\"  Language: English
.\"
.TH "FIPSCHECK" "8" "April 11, 2012" "fipscheck" "fipscheck"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
fipscheck \- perform a FIPS\-140\-2 validation check of one or more files
.SH "SYNTAX"
.PP
fipscheck [\fB\-s\fR
<\fIhmac\-suffix\fR>] file1 [file2 \&.\&.\&.]
.SH "DESCRIPTION"
.PP
fipscheck will perform a FIPS\-140\-2 validation of a file using a stored checksum of a file\&. The file containing the checksum value is first looked up in the /usr/lib{64,}/fipscheck directory and if not found there, it will be searched for in the same directory as the file which is being checksummed\&.
.PP
The checksum file must have \*(Aq\&.\*(Aq prepended and \*(Aq\&.hmac\*(Aq appended to the original file name\&. The \*(Aq\&.\*(Aq must not be prepended to the file names in the /usr/lib{64,}/fipscheck directory\&.
.PP
If invoked correctly, the fipscheck command prints nothing to standard output or standard error and sets the return code based on the test result\&. A return code of 0 means the file passed the checksum test\&. A non\-zero value means the checksum failed\&.
.PP
The
\fB\-s\fR
option specifies the suffix of the hmac file names\&. The default value
\fI\&.hmac\fR
is used when this option is not specified\&.
.SH "RETURN CODES"
.PP
fipscheck can return the following return codes:
.PP
0 Checksum OK
.PP
1 Checksum mismatch
.PP
2 Missing filename
.PP
3 Cannot open the checksum file
.PP
4 Cannot read the file to be checksummed, or the checksum computation failed
.PP
5 Memory allocation error
.PP
10 and higher \- Failure during self\-checking the libfipscheck\&.so shared library
.PP
20 and higher \- Failure during self\-checking the fipscheck binary
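.PP
The checksum\-file lookup from DESCRIPTION and the return codes above, combined in a fail\-closed wrapper\&. This is an added example, not part of fipscheck; the function names hmac_candidates, classify_rc and verify_all are hypothetical, and trying lib64 before lib is an assumption\&.
.nf
```sh
# Added example; not part of fipscheck. Function names are hypothetical.

# Print the checksum-file paths from DESCRIPTION in lookup order.
# $1 = file to verify, $2 = hmac suffix (default: .hmac, as for -s).
# Assumption: lib64 is tried before lib, following "/usr/lib{64,}".
hmac_candidates() {
    file=$1
    suffix=${2:-.hmac}
    base=${file##*/}
    case $file in
        */*) dir=${file%/*}/ ;;   # keep the trailing slash, so "/" works
        *)   dir= ;;              # bare name: current directory
    esac
    echo "/usr/lib64/fipscheck/$base$suffix"   # no leading dot here
    echo "/usr/lib/fipscheck/$base$suffix"
    echo "$dir.$base$suffix"                   # dot-prefixed, beside the file
}

# Map a return code to the classes listed under RETURN CODES.
classify_rc() {
    case $1 in
        0) echo ok ;;
        1) echo mismatch ;;
        2|3|4|5) echo error ;;
        *)  if [ "$1" -ge 20 ]; then echo binary-selfcheck-failed
            elif [ "$1" -ge 10 ]; then echo library-selfcheck-failed
            else echo unknown
            fi ;;
    esac
}

# Verify every file and fail closed: only return code 0 counts as a pass.
# $1 = hmac suffix, remaining arguments = files to verify.
verify_all() {
    suffix=$1; shift
    failed=0
    for f in "$@"; do
        rc=0
        FIPSCHECK_DEBUG=error fipscheck -s "$suffix" "$f" || rc=$?
        if [ "$rc" -ne 0 ]; then
            echo "$f: $(classify_rc "$rc") (rc=$rc)" >&2
            failed=1
        fi
    done
    return "$failed"
}
```
.fi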
.SH "ENVIRONMENT VARIABLES"
.PP
If you set the environment variable FIPSCHECK_DEBUG to "error", all error messages are sent to stderr\&. Setting this variable to "syslog" will send all error messages to the syslog daemon\&.
.SH "FIPS MODE"
.PP
A kernel compiled with CONFIG_CRYPTO_FIPS=y can be booted in FIPS mode by specifying fips=1 as a kernel parameter\&. If the /boot directory resides on a different partition, this needs to be specified, for example boot=/dev/sda2\&.
.SH "SEE ALSO"
.PP
\fBfipshmac\fR(8),
\fBfipscheck.h\fR(3),
\m[blue]\fBhttps://fedorahosted\&.org/fipscheck/\fR\m[]
.SH "AUTHOR"
.PP
Tomas Mraz <tmraz@redhat\&.com>\&.
.PP
Man page by Paul Wouters <pwouters@redhat\&.com>
.SH "COPYRIGHT"
.PP
Copyright 2008, 2012 Red Hat, Inc\&. All rights reserved\&.
.PP
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
.PP
1\&. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer\&.
.PP
2\&. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution\&.