Add postfix package requirement and audit retention controls to multiple profile controls

controls/hipaa.yml

@@ -1248,6 +1248,7 @@ controls:
           - auditd_data_retention_max_log_file_action
           - auditd_data_retention_max_log_file_action_stig
           - auditd_data_retention_space_left_action
+          - package_postfix_installed
           - package_rsyslog_installed
           - service_rsyslog_enabled
           - partition_for_var_log_audit

controls/pcidss_3.yml

@@ -89,7 +89,7 @@
                 data environment, and specifically deny all other traffic.
             levels:
                 - base
             automated: yes
             status: pending
             rules: []
 
@@ -2130,6 +2130,7 @@
           - auditd_data_retention_space_left
           - auditd_data_retention_admin_space_left_action
           - auditd_data_retention_action_mail_acct
+          - package_postfix_installed
 
     - id: Req-10.8
       title: 10.8 Ensure that security policies and operational procedures for monitoring all access

controls/pcidss_4.yml

@@ -2967,6 +2967,7 @@ controls:
                 - auditd_data_retention_admin_space_left_action
                 - auditd_data_retention_space_left
                 - auditd_data_retention_space_left_action
+                - package_postfix_installed
                 - package_logrotate_installed
                 - timer_logrotate_enabled
             related_rules:

controls/srg_gpos/SRG-OS-000046-GPOS-00022.yml

@@ -1,10 +1,11 @@
 controls:
     -   id: SRG-OS-000046-GPOS-00022
         levels:
             - medium
         title: {{{ full_name }}} must alert the ISSO and SA (at a minimum) in the event
             of an audit processing failure.
         rules:
+            - package_postfix_installed
             - postfix_client_configure_mail_alias
             - postfix_client_configure_mail_alias_postmaster
             - var_postfix_root_mail_alias=mil_sysadmin

linux_os/guide/services/mail/package_postfix_installed/rule.yml

@@ -15,6 +15,9 @@ severity: medium
 identifiers:
     cce@rhel8: CCE-85983-5
     cce@rhel9: CCE-85984-3
+    cce@rhel10: CCE-86466-0
+    cce@sle12: CCE-92326-8
+    cce@sle15: CCE-92614-7
 
 references:
     srg: SRG-OS-000046-GPOS-00022

products/rhel10/controls/cis_rhel10.yml

@@ -2621,8 +2621,11 @@ controls:
           - l2_workstation
       status: automated
       rules:
+          - auditd_data_retention_action_mail_acct
           - auditd_data_retention_admin_space_left_action
           - auditd_data_retention_space_left_action
+          - package_postfix_installed
+          - var_auditd_action_mail_acct=root
           - var_auditd_admin_space_left_action=cis_rhel10
           - var_auditd_space_left_action=cis_rhel10
 

products/rhel9/controls/cis_rhel9.yml

@@ -2560,6 +2560,7 @@ controls:
           - auditd_data_retention_action_mail_acct
           - auditd_data_retention_admin_space_left_action
           - auditd_data_retention_space_left_action
+          - package_postfix_installed
           - var_auditd_action_mail_acct=root
           - var_auditd_admin_space_left_action=cis_rhel9
           - var_auditd_space_left_action=cis_rhel9

shared/references/cce-redhat-avail.txt

@@ -1,4 +1,3 @@
-CCE-86466-0
 CCE-86468-6
 CCE-86482-7
 CCE-86483-5

shared/references/cce-sle12-avail.txt

@@ -1,4 +1,3 @@
-CCE-92326-8
 CCE-92327-6
 CCE-92328-4
 CCE-92329-2

shared/references/cce-sle15-avail.txt

@@ -1,4 +1,3 @@
-CCE-92614-7
 CCE-92615-4
 CCE-92616-2
 CCE-92617-0

tests/data/profile_stability/rhel10/cis.profile

@@ -116,6 +116,7 @@ audit_rules_usergroup_modification_shadow
 audit_sudo_log_events
 auditd_data_disk_error_action
 auditd_data_disk_full_action
+auditd_data_retention_action_mail_acct
 auditd_data_retention_admin_space_left_action
 auditd_data_retention_max_log_file
 auditd_data_retention_max_log_file_action
@@ -336,6 +337,7 @@ package_net-snmp_removed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_setroubleshoot_removed
@@ -469,6 +471,7 @@ var_accounts_passwords_pam_faillock_unlock_time=900
 var_accounts_tmout=15_min
 var_accounts_user_umask=027
 var_audit_backlog_limit=8192
+var_auditd_action_mail_acct=root
 var_auditd_admin_space_left_action=cis_rhel10
 var_auditd_disk_error_action=cis_rhel10
 var_auditd_disk_full_action=cis_rhel10

tests/data/profile_stability/rhel10/cis_workstation_l2.profile

@@ -116,6 +116,7 @@ audit_rules_usergroup_modification_shadow
 audit_sudo_log_events
 auditd_data_disk_error_action
 auditd_data_disk_full_action
+auditd_data_retention_action_mail_acct
 auditd_data_retention_admin_space_left_action
 auditd_data_retention_max_log_file
 auditd_data_retention_max_log_file_action
@@ -335,6 +336,7 @@ package_net-snmp_removed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_squid_removed
@@ -465,6 +467,7 @@ var_accounts_passwords_pam_faillock_unlock_time=900
 var_accounts_tmout=15_min
 var_accounts_user_umask=027
 var_audit_backlog_limit=8192
+var_auditd_action_mail_acct=root
 var_auditd_admin_space_left_action=cis_rhel10
 var_auditd_disk_error_action=cis_rhel10
 var_auditd_disk_full_action=cis_rhel10

tests/data/profile_stability/rhel10/hipaa.profile

@@ -118,6 +118,7 @@ no_direct_root_logins
 no_empty_passwords
 package_audit_installed
 package_cron_installed
+package_postfix_installed
 package_rsyslog_installed
 package_sequoia-sq_installed
 package_telnet-server_removed

tests/data/profile_stability/rhel10/pci-dss.profile

@@ -189,6 +189,7 @@ package_libselinux_installed
 package_logrotate_installed
 package_net-snmp_removed
 package_nftables_installed
+package_postfix_installed
 package_sequoia-sq_installed
 package_sudo_installed
 package_telnet-server_removed

tests/data/profile_stability/rhel10/stig.profile

@@ -380,6 +380,7 @@ package_pcsc-lite-ccid_installed
 package_pcsc-lite_installed
 package_policycoreutils-python-utils_installed
 package_policycoreutils_installed
+package_postfix_installed
 package_rsyslog-gnutls_installed
 package_rsyslog_installed
 package_s-nail_installed

tests/data/profile_stability/rhel10/stig_gui.profile

@@ -377,6 +377,7 @@ package_pcsc-lite-ccid_installed
 package_pcsc-lite_installed
 package_policycoreutils-python-utils_installed
 package_policycoreutils_installed
+package_postfix_installed
 package_rsyslog-gnutls_installed
 package_rsyslog_installed
 package_s-nail_installed

tests/data/profile_stability/rhel8/hipaa.profile

@@ -94,6 +94,7 @@ libreswan_approved_tunnels
 no_direct_root_logins
 no_empty_passwords
 no_rsh_trust_files
+package_postfix_installed
 package_telnet-server_removed
 package_telnet_removed
 package_xinetd_removed

tests/data/profile_stability/rhel8/pci-dss.profile

@@ -190,6 +190,7 @@ package_libselinux_installed
 package_logrotate_installed
 package_net-snmp_removed
 package_nftables_installed
+package_postfix_installed
 package_sudo_installed
 package_telnet-server_removed
 package_telnet_removed

tests/data/profile_stability/rhel9/cis.profile

@@ -306,6 +306,7 @@ package_nftables_installed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_setroubleshoot_removed

tests/data/profile_stability/rhel9/cis_workstation_l2.profile

@@ -305,6 +305,7 @@ package_nftables_installed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_squid_removed

tests/data/profile_stability/rhel9/hipaa.profile

@@ -93,6 +93,7 @@ no_direct_root_logins
 no_empty_passwords
 no_rsh_trust_files
 package_cron_installed
+package_postfix_installed
 package_telnet-server_removed
 package_telnet_removed
 require_singleuser_auth

tests/data/profile_stability/rhel9/pci-dss.profile

@@ -188,6 +188,7 @@ package_libselinux_installed
 package_logrotate_installed
 package_net-snmp_removed
 package_nftables_installed
+package_postfix_installed
 package_sudo_installed
 package_telnet-server_removed
 package_telnet_removed