Install cryptsetup Package

An XCCDF Rule

Description

The cryptsetup package can be installed with the following command:

$ sudo dnf install cryptsetup

Rationale

LUKS is the upcoming standard for Linux hard disk encryption. By providing a standard on-disk format, it does not only facilitate compatibility among distributions, but also provide secure management of multiple user passwords. In contrast to existing solution, LUKS stores all necessary setup information in the partition header, enabling the user to transport or migrate their data seamlessly. LUKS for dm-crypt is implemented in cryptsetup.

ID: xccdf_org.ssgproject.content_rule_package_cryptsetup-luks_installed
Severity: Medium
References: 3.5 3.5.1 3.5.1.2
Updated: about 1 month ago

Remediation Templates

include install_cryptsetup
class install_cryptsetup {
  package { 'cryptsetup':
    ensure => 'installed',
  }
}

- name: Ensure cryptsetup is installed
  package:
    name: cryptsetup
    state: present
  tags:
  - PCI-DSSv4-3.5  - PCI-DSSv4-3.5.1
  - PCI-DSSv4-3.5.1.2
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_cryptsetup-luks_installed

package install cryptsetup

[[packages]]
name = "cryptsetup"
version = "*"

dnf install cryptsetup

package --add=cryptsetup

if ! rpm -q --quiet "cryptsetup" ; then
    dnf install -y "cryptsetup"
fi

Install cryptsetup Package

Description

Rationale

Remediation Templates

A Puppet Snippet

An Ansible Snippet

script:kickstart

OS Build Blueprint

script:bootc

Anaconda Pre-Install Instructions

A Shell Script