Long Range (LoRa) communications are gaining popularity in the Industrial Internet of Things (IIoT) domain due to their large coverage and high energy efficiency. However, LoRa-enabled IIoT networks are susceptible to cyberattacks mainly due to their wide transmission window and freely operated frequency band. This has led to several categories of cyberattacks. However, existing intrusion detection systems are inefficient in detecting compromised device due to the dense deployment and heterogeneous devices. This work introduces Hawk, a distributed anomaly detection system for detecting compromised devices in LoRa-enabled IIoT. Hawk first measures a device-type specific physical layer feature, Carrier Frequency Offset (CFO) and then leverages the CFO for fingerprinting the device and consequently detecting anomalous deviations in the CFO behavior, potentially caused by adversaries. To aggregate the device-type specific CFO behavior profile efficiently, Hawk uses federated learning. To the best of our knowledge, Hawk is the first to use a federated learning method for anomaly-based intrusion detection in LoRa-enabled IIoT. We perform extensive experiments on a real-world dataset collected using 60 LoRa devices, primarily to assess the effectiveness of Hawk against passive attacks. The results show that Hawk improves the detection accuracy by 8% and reduces the storage overhead by 40% than the state-of-the-art solutions.