Install crypto-policies package

An XCCDF Rule

Description

The crypto-policies package can be installed with the following command:

$ sudo yum install crypto-policies

Rationale

Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data.

ID: xccdf_org.ssgproject.content_rule_package_crypto-policies_installed
Severity: Medium
References: FCS_CKM.1 FCS_CKM.2 FCS_COP.1(1) FCS_COP.1(2) FCS_COP.1(3) FCS_COP.1(4) FCS_TLSC_EXT.1

SRG-OS-000393-GPOS-00173 SRG-OS-000394-GPOS-00174 SRG-OS-000396-GPOS-00176
Updated: about 1 year ago


package --add=crypto-policies


[[packages]]
name = "crypto-policies"
version = "*"

- name: Ensure crypto-policies is installed
  package:
    name: crypto-policies
    state: present
  tags:
  - enable_strategy  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_crypto-policies_installed

include install_crypto-policies

class install_crypto-policies {
  package { 'crypto-policies':
    ensure => 'installed',
  }}


if ! rpm -q --quiet "crypto-policies" ; then
    yum install -y "crypto-policies"
fi

Install crypto-policies package

Description

Rationale

Remediation - Anaconda Pre-Install Instructions

Remediation - OS Build Blueprint

Remediation - Ansible

Remediation - Puppet

Remediation - Shell Script