Merge pull request #14612 from Arden97/fix_14560

Add postfix package requirement and audit retention controls to multiple profile controls

Author: Mab879

controls/hipaa.yml

@@ -1248,6 +1248,7 @@ controls:
           - auditd_data_retention_max_log_file_action
           - auditd_data_retention_max_log_file_action_stig
           - auditd_data_retention_space_left_action
+          - package_postfix_installed
           - package_rsyslog_installed
           - service_rsyslog_enabled
           - partition_for_var_log_audit

controls/pcidss_3.yml

@@ -2130,6 +2130,7 @@ controls:
           - auditd_data_retention_space_left
           - auditd_data_retention_admin_space_left_action
           - auditd_data_retention_action_mail_acct
+          - package_postfix_installed
 
     - id: Req-10.8
       title: 10.8 Ensure that security policies and operational procedures for monitoring all access

controls/pcidss_4.yml

@@ -2967,6 +2967,7 @@ controls:
                 - auditd_data_retention_admin_space_left_action
                 - auditd_data_retention_space_left
                 - auditd_data_retention_space_left_action
+                - package_postfix_installed
                 - package_logrotate_installed
                 - timer_logrotate_enabled
             related_rules:

controls/srg_gpos/SRG-OS-000046-GPOS-00022.yml

@@ -5,6 +5,7 @@ controls:
         title: {{{ full_name }}} must alert the ISSO and SA (at a minimum) in the event
             of an audit processing failure.
         rules:
+            - package_postfix_installed
             - postfix_client_configure_mail_alias
             - postfix_client_configure_mail_alias_postmaster
             - var_postfix_root_mail_alias=mil_sysadmin

linux_os/guide/services/mail/package_postfix_installed/rule.yml

@@ -15,6 +15,7 @@ severity: medium
 identifiers:
     cce@rhel8: CCE-85983-5
     cce@rhel9: CCE-85984-3
+    cce@rhel10: CCE-86466-0
 
 references:
     srg: SRG-OS-000046-GPOS-00022

products/rhel10/controls/cis_rhel10.yml

@@ -2622,8 +2622,11 @@ controls:
           - l2_workstation
       status: automated
       rules:
+          - auditd_data_retention_action_mail_acct
           - auditd_data_retention_admin_space_left_action
           - auditd_data_retention_space_left_action
+          - package_postfix_installed
+          - var_auditd_action_mail_acct=root
           - var_auditd_admin_space_left_action=cis_rhel10
           - var_auditd_space_left_action=cis_rhel10
 

products/rhel9/controls/cis_rhel9.yml

@@ -2560,6 +2560,7 @@ controls:
           - auditd_data_retention_action_mail_acct
           - auditd_data_retention_admin_space_left_action
           - auditd_data_retention_space_left_action
+          - package_postfix_installed
           - var_auditd_action_mail_acct=root
           - var_auditd_admin_space_left_action=cis_rhel9
           - var_auditd_space_left_action=cis_rhel9

products/sle12/profiles/default.profile

@@ -33,7 +33,6 @@ selections:
     - sudo_vdsm_nopasswd
     - ntpd_configure_restrictions
     - fapolicyd_prevent_home_folder_access
-    - package_postfix_installed
     - audit_privileged_commands_poweroff
     - accounts_password_pam_unix_rounds_password_auth
     - sudoers_no_root_target

products/sle12/profiles/pci-dss-4.profile

@@ -95,6 +95,7 @@ selections:
     -  '!use_pam_wheel_for_su'
     -  use_pam_wheel_group_for_su
     -  var_pam_wheel_group_for_su=cis
+    - '!package_postfix_installed'
     # Following rules once had a prodtype incompatible with the sle12 product
     - '!set_firewalld_default_zone'
     - '!accounts_password_pam_dcredit'

products/sle12/profiles/pci-dss.profile

@@ -17,6 +17,7 @@ selections:
     - sshd_approved_ciphers=cis_sle12
     - var_multiple_time_servers=suse
     - var_multiple_time_pools=suse
+    - '!package_postfix_installed'
 # Exclude from PCI DISS profile all rules related to ntp and timesyncd and keep only
 # rules related to chrony
     - '!ntpd_specify_multiple_servers'