Install libreswan Package

An XCCDF Rule

Description

The libreswan package provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. The libreswan package can be installed with the following command:

$ sudo dnf install libreswan

Rationale

Providing the ability for remote users or systems to initiate a secure VPN connection protects information when it is transmitted over a wide area network.

ID: xccdf_org.ssgproject.content_rule_package_libreswan_installed
Severity: Medium
References: 12 15 3 5 8

APO13.01 DSS01.04 DSS05.02 DSS05.03 DSS05.04

4.3.3.6.5 4.3.3.6.6 4.3.3.6.7 4.3.3.6.8

SR 1.13 SR 2.6 SR 3.1 SR 3.5 SR 3.8 SR 4.1 SR 4.3 SR 5.1 SR 5.2 SR 5.3 SR 7.1 SR 7.6

A.11.2.4 A.11.2.6 A.13.1.1 A.13.2.1 A.14.1.3 A.15.1.1 A.15.2.1 A.6.2.1 A.6.2.2

CM-6(a)

PR.AC-3 PR.MA-2 PR.PT-4

Req-4.1

SRG-OS-000120-GPOS-00061 SRG-OS-000480-GPOS-00227

CCI-000366 CCI-000803
Updated: about 1 month ago

Remediation Templates

- name: Ensure libreswan is installed
  package:
    name: libreswan
    state: present
  tags:
  - NIST-800-53-CM-6(a)  - PCI-DSS-Req-4.1
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_libreswan_installed

package install libreswan

[[packages]]
name = "libreswan"
version = "*"

dnf install libreswan

include install_libreswan
class install_libreswan {
  package { 'libreswan':
    ensure => 'installed',
  }
}

package --add=libreswan

if ! rpm -q --quiet "libreswan" ; then
    dnf install -y "libreswan"
fi

Install libreswan Package

Description

Rationale

Remediation Templates

An Ansible Snippet

script:kickstart

OS Build Blueprint

script:bootc

A Puppet Snippet

Anaconda Pre-Install Instructions

A Shell Script