Install strongswan Package

An XCCDF Rule

Description

The Strongswan package provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. The strongswan package can be installed with the following command:

$ sudo zypper install strongswan

Rationale

Providing the ability for remote users or systems to initiate a secure VPN connection protects information when it is transmitted over a wide area network.

ID: xccdf_org.ssgproject.content_rule_package_strongswan_installed
Severity: Medium
References: 12 15 3 5 8

APO13.01 DSS01.04 DSS05.02 DSS05.03 DSS05.04

CCI-001130 CCI-001131

4.3.3.6.5 4.3.3.6.6 4.3.3.6.7 4.3.3.6.8

SR 1.13 SR 2.6 SR 3.1 SR 3.5 SR 3.8 SR 4.1 SR 4.3 SR 5.1 SR 5.2 SR 5.3 SR 7.1 SR 7.6

A.11.2.4 A.11.2.6 A.13.1.1 A.13.2.1 A.14.1.3 A.15.1.1 A.15.2.1 A.6.2.1 A.6.2.2

CM-6(a)

PR.AC-3 PR.MA-2 PR.PT-4

Req-4.1

SRG-OS-000120-GPOS-00061 SRG-OS-000480-GPOS-00227

CCE-91625-4
Updated: about 1 month ago

Remediation Templates

include install_strongswan
class install_strongswan {
  package { 'strongswan':
    ensure => 'installed',
  }
}

- name: Ensure strongswan is installed
  package:
    name: strongswan
    state: present
  tags:
  - CCE-91625-4  - NIST-800-53-CM-6(a)
  - PCI-DSS-Req-4.1
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_strongswan_installed

[[packages]]
name = "strongswan"
version = "*"

zypper install -y "strongswan"

Install strongswan Package

Description

Rationale

Remediation Templates

A Puppet Snippet

An Ansible Snippet

OS Build Blueprint

A Shell Script