Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Try the Preview!
The FIPS Agent is in Preview.
The FIPS Agent is available only in the US1-FED region.
The FIPS Agent is a flavor of the Datadog Agent that natively supports Federal Information Processing Standards (FIPS) compliance. The FIPS Agent replaces the FIPS proxy and includes limited support for integrations that need to collect observability data that is external to the host.
The Datadog FIPS Agent is in Preview and has not been fully audited. Install and test the Agent only on hosts that are not critical to production workloads. For production workloads, see Datadog FIPS Compliance.
Requirements
Linux:
- A non-containerized Linux host.
- Your Linux OS must be in FIPS-compliant mode. See your OS vendor’s documentation on what steps are required to meet this requirement.
- FIPS-compliant storage backing the host file system.
Windows:
- A non-containerized Windows host.
- Windows must be in FIPS-compliant mode.
- FIPS-compliant storage backing the host file system.
In addition to the Operating System (OS) requirements above:
- You must have access to a FIPS-compliant Datadog environment (US1-FED or GovCloud).
- The FIPS Agent is only available on Agent versions 7.63 and above.
Installation
The Datadog FIPS Agent is in Preview and has not been fully audited. Install and test the Agent only on hosts that are not critical to production workloads.
Remove any fips-proxy installations on the host by uninstalling the datadog-fips-proxy package with your OS package manager. For example:
Red Hat
sudo yum remove datadog-fips-proxy
Ubuntu/Debian
sudo apt-get remove datadog-fips-proxy
Ensure that the Agent’s configuration file does not contain any FIPS proxy settings. FIPS proxy settings use the fips.* prefix.
Use the instructions for your OS to uninstall the Datadog Agent.
Install the Agent with FIPS support.
Note: FIPS support is only available on Agent versions 7.63.0 and above:
If you’re using the Agent install script, specify the DD_AGENT_FLAVOR="datadog-fips-agent" environment variable in your installation command. For example:
DD_SITE="ddog-gov.com" DD_API_KEY="MY_API_KEY" DD_AGENT_FLAVOR="datadog-fips-agent" … bash -c "$(curl -L https://s3.amazonaws.com/dd-agent/scripts/install_script_agent7.sh)"
If you’re installing with a package, follow the instructions to install the latest datadog-fips-agent package available for your platform.
Add GOFIPS=1 to your Datadog environment variables, reload all service units, and restart the Datadog Agent service (datadog-agent.service). For example, if your host is using systemd:
echo "GOFIPS=1" | sudo tee -a /etc/datadog-agent/environment
systemctl daemon-reload
systemctl restart 'datadog-agent*'
Run the datadog-agent status command and make sure you see FIPS Mode: enabled in the status output.
The Datadog FIPS Agent is in preview and has not been fully audited. Install and test the Agent only on hosts that are not critical to production workloads.
Follow the Windows instructions to uninstall the Datadog Agent.
Run the command below to install the FIPS Agent, replacing MY_API_KEY with your API key:
Note: FIPS support is only available on Agent versions 7.63.0 and above:
Start-Process -Wait msiexec -ArgumentList '/qn /i "https://s3.amazonaws.com/ddagent-windows-stable/beta/datadog-fips-agent-7.63.0-rc.7-fips-preview.msi" APIKEY="MY_API_KEY" SITE="ddog-gov.com"'
To install a different preview version of the FIPS Agent, search the list of stable Agent versions for datadog-fips-agent and replace the MSI in the command above with your desired version.
Run the Agent status command and make sure you see FIPS Mode: enabled in the status output.
& "$env:ProgramFiles\Datadog\Datadog Agent\bin\agent.exe" status
Note: The program name for the FIPS Agent in Add or Remove Programs is “Datadog FIPS Agent.”
Further reading
Documentation, liens et articles supplémentaires utiles:
