Install cryptsetup Package

An XCCDF Rule

Description

The cryptsetup package can be installed with the following command:

$ sudo yum install cryptsetup

Rationale

LUKS is the upcoming standard for Linux hard disk encryption. By providing a standard on-disk format, it does not only facilitate compatibility among distributions, but also provide secure management of multiple user passwords. In contrast to existing solution, LUKS stores all necessary setup information in the partition header, enabling the user to transport or migrate their data seamlessly. LUKS for dm-crypt is implemented in cryptsetup.

ID: xccdf_org.ssgproject.content_rule_package_cryptsetup-luks_installed
Severity: Medium
References: 3.5 3.5.1 3.5.1.2
Updated: 5 days ago


if ! rpm -q --quiet "cryptsetup" ; then
    yum install -y "cryptsetup"
fi

include install_cryptsetup

class install_cryptsetup {
  package { 'cryptsetup':
    ensure => 'installed',
  }}

- name: Ensure cryptsetup is installed
  package:
    name: cryptsetup
    state: present
  tags:
  - PCI-DSSv4-3.5  - PCI-DSSv4-3.5.1
  - PCI-DSSv4-3.5.1.2
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_cryptsetup-luks_installed


[[packages]]
name = "cryptsetup"
version = "*"


package --add=cryptsetup

Install cryptsetup Package

Description

Rationale

Remediation - Shell Script

Remediation - Puppet

Remediation - Ansible

Remediation - OS Build Blueprint

Remediation - Anaconda Pre-Install Instructions