Install cryptsetup Package

An XCCDF Rule

Description

The cryptsetup package can be installed with the following command:

$ sudo dnf install cryptsetup

Rationale

LUKS is the upcoming standard for Linux hard disk encryption. By providing a standard on-disk format, it does not only facilitate compatibility among distributions, but also provide secure management of multiple user passwords. In contrast to existing solution, LUKS stores all necessary setup information in the partition header, enabling the user to transport or migrate their data seamlessly. LUKS for dm-crypt is implemented in cryptsetup.

ID: xccdf_org.ssgproject.content_rule_package_cryptsetup-luks_installed
Severity: Medium
References: 3.5.1.2
Updated: about 1 month ago

Remediation Templates

package install cryptsetup

- name: Ensure cryptsetup is installed
  package:
    name: cryptsetup
    state: present
  tags:
  - PCI-DSSv4-3.5.1.2  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_cryptsetup-luks_installed

package --add=cryptsetup

include install_cryptsetup
class install_cryptsetup {
  package { 'cryptsetup':
    ensure => 'installed',
  }
}

[[packages]]
name = "cryptsetup"
version = "*"

if ! rpm -q --quiet "cryptsetup" ; then
    dnf install -y "cryptsetup"
fi

Install cryptsetup Package

Description

Rationale

Remediation Templates

script:kickstart

An Ansible Snippet

Anaconda Pre-Install Instructions

A Puppet Snippet

OS Build Blueprint

A Shell Script