diff --git a/controls/hipaa.yml b/controls/hipaa.yml index ccc5b6244edb..d51d44ba21dc 100644 --- a/controls/hipaa.yml +++ b/controls/hipaa.yml @@ -1248,6 +1248,7 @@ controls: - auditd_data_retention_max_log_file_action - auditd_data_retention_max_log_file_action_stig - auditd_data_retention_space_left_action + - package_postfix_installed - package_rsyslog_installed - service_rsyslog_enabled - partition_for_var_log_audit diff --git a/controls/pcidss_3.yml b/controls/pcidss_3.yml index f0899ba73887..fa267acdaa68 100644 --- a/controls/pcidss_3.yml +++ b/controls/pcidss_3.yml @@ -2130,6 +2130,7 @@ controls: - auditd_data_retention_space_left - auditd_data_retention_admin_space_left_action - auditd_data_retention_action_mail_acct + - package_postfix_installed - id: Req-10.8 title: 10.8 Ensure that security policies and operational procedures for monitoring all access diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml index 8db6d14144e7..a9b4b5c4aa49 100644 --- a/controls/pcidss_4.yml +++ b/controls/pcidss_4.yml @@ -2967,6 +2967,7 @@ controls: - auditd_data_retention_admin_space_left_action - auditd_data_retention_space_left - auditd_data_retention_space_left_action + - package_postfix_installed - package_logrotate_installed - timer_logrotate_enabled related_rules: diff --git a/controls/srg_gpos/SRG-OS-000046-GPOS-00022.yml b/controls/srg_gpos/SRG-OS-000046-GPOS-00022.yml index 43b058638fff..8d8807a384f1 100644 --- a/controls/srg_gpos/SRG-OS-000046-GPOS-00022.yml +++ b/controls/srg_gpos/SRG-OS-000046-GPOS-00022.yml @@ -5,6 +5,7 @@ controls: title: {{{ full_name }}} must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. rules: + - package_postfix_installed - postfix_client_configure_mail_alias - postfix_client_configure_mail_alias_postmaster - var_postfix_root_mail_alias=mil_sysadmin 
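Review bot: In the hipaa.yml hunk `package_postfix_installed` is inserted between `auditd_data_retention_space_left_action` and `package_rsyslog_installed` with nothing saying why a mail transfer agent is now mandatory; the same applies to the pcidss_3.yml and pcidss_4.yml hunks. A comment above the new entry, e.g. `# postfix supplies the sendmail interface auditd uses to deliver action_mail_acct alerts`, would keep the dependency visible to whoever later prunes the list. Requiring an MTA also widens the host's exposure, and none of these hunks shows a companion rule that keeps postfix listening on loopback only, so it is worth confirming that each control selects one elsewhere. The `rules:` lists start and end outside the hunks, so such a rule may already be present.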
diff --git a/linux_os/guide/services/mail/package_postfix_installed/rule.yml b/linux_os/guide/services/mail/package_postfix_installed/rule.yml index b00b209dec85..d61c9759feba 100644 --- a/linux_os/guide/services/mail/package_postfix_installed/rule.yml +++ b/linux_os/guide/services/mail/package_postfix_installed/rule.yml @@ -15,6 +15,9 @@ severity: medium identifiers: cce@rhel8: CCE-85983-5 cce@rhel9: CCE-85984-3 + cce@rhel10: CCE-86466-0 + cce@sle12: CCE-92326-8 + cce@sle15: CCE-92614-7 references: srg: SRG-OS-000046-GPOS-00022 diff --git a/products/rhel10/controls/cis_rhel10.yml b/products/rhel10/controls/cis_rhel10.yml index 9ab136c4be7a..ad7b1d5b63c4 100644 --- a/products/rhel10/controls/cis_rhel10.yml +++ b/products/rhel10/controls/cis_rhel10.yml @@ -2621,8 +2621,11 @@ controls: - l2_workstation status: automated rules: + - auditd_data_retention_action_mail_acct - auditd_data_retention_admin_space_left_action - auditd_data_retention_space_left_action + - package_postfix_installed + - var_auditd_action_mail_acct=root - var_auditd_admin_space_left_action=cis_rhel10 - var_auditd_space_left_action=cis_rhel10 diff --git a/products/rhel9/controls/cis_rhel9.yml b/products/rhel9/controls/cis_rhel9.yml index d96d8ad21fed..361de050056f 100644 --- a/products/rhel9/controls/cis_rhel9.yml +++ b/products/rhel9/controls/cis_rhel9.yml @@ -2560,6 +2560,7 @@ controls: - auditd_data_retention_action_mail_acct - auditd_data_retention_admin_space_left_action - auditd_data_retention_space_left_action + - package_postfix_installed - var_auditd_action_mail_acct=root - var_auditd_admin_space_left_action=cis_rhel9 - var_auditd_space_left_action=cis_rhel9 diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt index 1082be58ddcc..7aa466c6da9b 100644 --- a/shared/references/cce-redhat-avail.txt +++ b/shared/references/cce-redhat-avail.txt @@ -1,4 +1,3 @@ -CCE-86466-0 CCE-86468-6 CCE-86482-7 CCE-86483-5 
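Review bot: The cis_rhel10.yml hunk selects `package_postfix_installed` together with `var_auditd_action_mail_acct=root`, but a package-installed check alone does not show that the audit alert is ever delivered or read. Mail handed to the sendmail interface stays queued unless the postfix service is running, and mail for root stays in the local spool unless an alias forwards it. The SRG-OS-000046-GPOS-00022 control touched by this commit already lists `postfix_client_configure_mail_alias` next to the package, presumably to cover the forwarding part. Consider a `notes:` entry on this control, and on the cis_rhel9.yml one, stating that delivery and root-alias forwarding are not verified by the selected rules, assuming no other rule in the control covers them. The control's body starts outside the hunk.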
diff --git a/shared/references/cce-sle12-avail.txt b/shared/references/cce-sle12-avail.txt
index 6b12b24fa103..ba03bde91d20 100644
--- a/shared/references/cce-sle12-avail.txt
+++ b/shared/references/cce-sle12-avail.txt
@@ -1,4 +1,3 @@
-CCE-92326-8
 CCE-92327-6
 CCE-92328-4
 CCE-92329-2
diff --git a/shared/references/cce-sle15-avail.txt b/shared/references/cce-sle15-avail.txt
index 41808cb6dcdc..859126d30786 100644
--- a/shared/references/cce-sle15-avail.txt
+++ b/shared/references/cce-sle15-avail.txt
@@ -1,4 +1,3 @@
-CCE-92614-7
 CCE-92615-4
 CCE-92616-2
 CCE-92617-0
diff --git a/tests/data/profile_stability/rhel10/cis.profile b/tests/data/profile_stability/rhel10/cis.profile
index d59c4fb53bde..717fce52b988 100644
--- a/tests/data/profile_stability/rhel10/cis.profile
+++ b/tests/data/profile_stability/rhel10/cis.profile
@@ -116,6 +116,7 @@ audit_rules_usergroup_modification_shadow
 audit_sudo_log_events
 auditd_data_disk_error_action
 auditd_data_disk_full_action
+auditd_data_retention_action_mail_acct
 auditd_data_retention_admin_space_left_action
 auditd_data_retention_max_log_file
 auditd_data_retention_max_log_file_action
@@ -336,6 +337,7 @@ package_net-snmp_removed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_setroubleshoot_removed
@@ -469,6 +471,7 @@ var_accounts_passwords_pam_faillock_unlock_time=900
 var_accounts_tmout=15_min
 var_accounts_user_umask=027
 var_audit_backlog_limit=8192
+var_auditd_action_mail_acct=root
 var_auditd_admin_space_left_action=cis_rhel10
 var_auditd_disk_error_action=cis_rhel10
 var_auditd_disk_full_action=cis_rhel10
diff --git a/tests/data/profile_stability/rhel10/cis_workstation_l2.profile b/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
index 44b0fc37e7ec..454336b989df 100644
--- a/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
+++ b/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
@@ -116,6 +116,7 @@ audit_rules_usergroup_modification_shadow
 audit_sudo_log_events
 auditd_data_disk_error_action
 auditd_data_disk_full_action
+auditd_data_retention_action_mail_acct
 auditd_data_retention_admin_space_left_action
 auditd_data_retention_max_log_file
 auditd_data_retention_max_log_file_action
@@ -335,6 +336,7 @@ package_net-snmp_removed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_squid_removed
@@ -465,6 +467,7 @@ var_accounts_passwords_pam_faillock_unlock_time=900
 var_accounts_tmout=15_min
 var_accounts_user_umask=027
 var_audit_backlog_limit=8192
+var_auditd_action_mail_acct=root
 var_auditd_admin_space_left_action=cis_rhel10
 var_auditd_disk_error_action=cis_rhel10
 var_auditd_disk_full_action=cis_rhel10
diff --git a/tests/data/profile_stability/rhel10/hipaa.profile b/tests/data/profile_stability/rhel10/hipaa.profile
index 7462ce6fe3db..a02129b2974a 100644
--- a/tests/data/profile_stability/rhel10/hipaa.profile
+++ b/tests/data/profile_stability/rhel10/hipaa.profile
@@ -118,6 +118,7 @@ no_direct_root_logins
 no_empty_passwords
 package_audit_installed
 package_cron_installed
+package_postfix_installed
 package_rsyslog_installed
 package_sequoia-sq_installed
 package_telnet-server_removed
diff --git a/tests/data/profile_stability/rhel10/pci-dss.profile b/tests/data/profile_stability/rhel10/pci-dss.profile
index 59838d7233f3..b32c147507c7 100644
--- a/tests/data/profile_stability/rhel10/pci-dss.profile
+++ b/tests/data/profile_stability/rhel10/pci-dss.profile
@@ -189,6 +189,7 @@ package_libselinux_installed
 package_logrotate_installed
 package_net-snmp_removed
 package_nftables_installed
+package_postfix_installed
 package_sequoia-sq_installed
 package_sudo_installed
 package_telnet-server_removed
diff --git a/tests/data/profile_stability/rhel10/stig.profile b/tests/data/profile_stability/rhel10/stig.profile
index dd157f79d28e..427665f0a412 100644
--- a/tests/data/profile_stability/rhel10/stig.profile
+++ b/tests/data/profile_stability/rhel10/stig.profile
@@ -380,6 +380,7 @@ package_pcsc-lite-ccid_installed
 package_pcsc-lite_installed
 package_policycoreutils-python-utils_installed
 package_policycoreutils_installed
+package_postfix_installed
 package_rsyslog-gnutls_installed
 package_rsyslog_installed
 package_s-nail_installed
diff --git a/tests/data/profile_stability/rhel10/stig_gui.profile b/tests/data/profile_stability/rhel10/stig_gui.profile
index 22c29b3b1a40..d6feaa275516 100644
--- a/tests/data/profile_stability/rhel10/stig_gui.profile
+++ b/tests/data/profile_stability/rhel10/stig_gui.profile
@@ -377,6 +377,7 @@ package_pcsc-lite-ccid_installed
 package_pcsc-lite_installed
 package_policycoreutils-python-utils_installed
 package_policycoreutils_installed
+package_postfix_installed
 package_rsyslog-gnutls_installed
 package_rsyslog_installed
 package_s-nail_installed
diff --git a/tests/data/profile_stability/rhel8/hipaa.profile b/tests/data/profile_stability/rhel8/hipaa.profile
index de5673d65957..f4012d0aac03 100644
--- a/tests/data/profile_stability/rhel8/hipaa.profile
+++ b/tests/data/profile_stability/rhel8/hipaa.profile
@@ -94,6 +94,7 @@ libreswan_approved_tunnels
 no_direct_root_logins
 no_empty_passwords
 no_rsh_trust_files
+package_postfix_installed
 package_telnet-server_removed
 package_telnet_removed
 package_xinetd_removed
diff --git a/tests/data/profile_stability/rhel8/pci-dss.profile b/tests/data/profile_stability/rhel8/pci-dss.profile
index 63d1fba0c892..b43536a46153 100644
--- a/tests/data/profile_stability/rhel8/pci-dss.profile
+++ b/tests/data/profile_stability/rhel8/pci-dss.profile
@@ -190,6 +190,7 @@ package_libselinux_installed
 package_logrotate_installed
 package_net-snmp_removed
 package_nftables_installed
+package_postfix_installed
 package_sudo_installed
 package_telnet-server_removed
 package_telnet_removed
diff --git a/tests/data/profile_stability/rhel9/cis.profile b/tests/data/profile_stability/rhel9/cis.profile
index a2f7813238af..bae63639e1bc 100644
--- a/tests/data/profile_stability/rhel9/cis.profile
+++ b/tests/data/profile_stability/rhel9/cis.profile
@@ -306,6 +306,7 @@ package_nftables_installed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_setroubleshoot_removed
diff --git a/tests/data/profile_stability/rhel9/cis_workstation_l2.profile b/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
index 4e0da9c5fe6a..5947b7453424 100644
--- a/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
+++ b/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
@@ -305,6 +305,7 @@ package_nftables_installed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_squid_removed
diff --git a/tests/data/profile_stability/rhel9/hipaa.profile b/tests/data/profile_stability/rhel9/hipaa.profile
index 054de5d28e24..d8557b3d3030 100644
--- a/tests/data/profile_stability/rhel9/hipaa.profile
+++ b/tests/data/profile_stability/rhel9/hipaa.profile
@@ -93,6 +93,7 @@ no_direct_root_logins
 no_empty_passwords
 no_rsh_trust_files
 package_cron_installed
+package_postfix_installed
 package_telnet-server_removed
 package_telnet_removed
 require_singleuser_auth
diff --git a/tests/data/profile_stability/rhel9/pci-dss.profile b/tests/data/profile_stability/rhel9/pci-dss.profile
index e5a9965c2d24..1541a33e8646 100644
--- a/tests/data/profile_stability/rhel9/pci-dss.profile
+++ b/tests/data/profile_stability/rhel9/pci-dss.profile
@@ -188,6 +188,7 @@ package_libselinux_installed
 package_logrotate_installed
 package_net-snmp_removed
 package_nftables_installed
+package_postfix_installed
 package_sudo_installed
 package_telnet-server_removed
 package_telnet_removed