Skip to content

Install cryptsetup Package

An XCCDF Rule

Description

The cryptsetup package can be installed with the following command:

$ sudo yum install cryptsetup

Rationale

LUKS is the upcoming standard for Linux hard disk encryption. By providing a standard on-disk format, it does not only facilitate compatibility among distributions, but also provide secure management of multiple user passwords. In contrast to existing solution, LUKS stores all necessary setup information in the partition header, enabling the user to transport or migrate their data seamlessly. LUKS for dm-crypt is implemented in cryptsetup.

ID
xccdf_org.ssgproject.content_rule_package_cryptsetup-luks_installed
Severity
Medium
References
Updated



Remediation - Puppet

include install_cryptsetup

class install_cryptsetup {
  package { 'cryptsetup':
    ensure => 'installed',
  }

Remediation - Shell Script


if ! rpm -q --quiet "cryptsetup" ; then
    yum install -y "cryptsetup"
fi

Remediation - Anaconda Pre-Install Instructions


package --add=cryptsetup

Remediation - OS Build Blueprint


[[packages]]
name = "cryptsetup"
version = "*"

Remediation - Ansible

- name: Ensure cryptsetup is installed
  package:
    name: cryptsetup
    state: present
  tags:
  - PCI-DSSv4-3.5.1.2