Install cryptsetup Package
An XCCDF Rule
Description
The cryptsetup
package can be installed with the following command:
$ sudo yum install cryptsetup
Rationale
LUKS is the upcoming standard for Linux hard disk encryption. By providing a standard
on-disk format, it does not only facilitate compatibility among distributions, but also
provide secure management of multiple user passwords. In contrast to existing solution,
LUKS stores all necessary setup information in the partition header, enabling the user
to transport or migrate their data seamlessly. LUKS for dm-crypt is implemented in
cryptsetup
.
- ID
- xccdf_org.ssgproject.content_rule_package_cryptsetup-luks_installed
- Severity
- Medium
- References
- Updated
Remediation - Puppet
include install_cryptsetup
class install_cryptsetup {
package { 'cryptsetup':
ensure => 'installed',
}
Remediation - Shell Script
if ! rpm -q --quiet "cryptsetup" ; then
yum install -y "cryptsetup"
fi
Remediation - Anaconda Pre-Install Instructions
package --add=cryptsetup
Remediation - OS Build Blueprint
[[packages]]
name = "cryptsetup"
version = "*"
Remediation - Ansible
- name: Ensure cryptsetup is installed
package:
name: cryptsetup
state: present
tags:
- PCI-DSSv4-3.5.1.2