fleet/it-and-security/lib/linux/policies/disk-encryption-check.yml

- name: Linux - Disk encryption enabled
  query: SELECT 1 FROM mounts m, disk_encryption d WHERE m.device_alias = d.name AND d.encrypted = 1 AND m.path = '/';
  critical: false
  description: This policy checks if disk encryption is enabled.
  resolution: Disk encryption can only be configured during initial operating system install. Please re-install your operating system ensuring disk encryption is enabled.
  platform: linux
  webhooks_and_tickets_enabled: true