Page MenuHomePhabricator

check available entropy in whonixcheck
Closed, ResolvedPublic

Description

It should not be an issue in most cases, but when someone attempts a port to another platform it might be an issue. Good to check for it protectively.

Similar to:
https://github.com/martincmelik/Securix-Linux/blob/master/securix-control/securix-monitor#L165

# Check entropy available bits, 112 is FIPS-140 requirement
ENTROPYSIZE="$(cat /proc/sys/kernel/random/entropy_avail)"
if [ "${ENTROPYSIZE}" -lt "112" ]; then
    echo "--- PROBLEM: You have low available entropy. It can potentially affect or DoS your server/service. Install rng-tools to temporary solve it"
    touch "${SECURIXVAR}/entropy.critical"
else
    echo "--- OK: You have enough entropy available"
    rm -f "${SECURIXVAR}/entropy.critical"
fi

Details

Impact
Normal