diff --git a/controls/hipaa.yml b/controls/hipaa.yml
index ccc5b6244ed..d51d44ba21d 100644
--- a/controls/hipaa.yml
+++ b/controls/hipaa.yml
@@ -1248,6 +1248,7 @@ controls:
 - auditd_data_retention_max_log_file_action
 - auditd_data_retention_max_log_file_action_stig
 - auditd_data_retention_space_left_action
+ - package_postfix_installed
 - package_rsyslog_installed
 - service_rsyslog_enabled
 - partition_for_var_log_audit
diff --git a/controls/pcidss_3.yml b/controls/pcidss_3.yml
index f0899ba7388..fa267acdaa6 100644
--- a/controls/pcidss_3.yml
+++ b/controls/pcidss_3.yml
@@ -2130,6 +2130,7 @@ controls: - auditd_data_retention_space_left - auditd_data_retention_admin_space_left_action - auditd_data_retention_action_mail_acct + - package_postfix_installed - id: Req-10.8 title: 10.8 Ensure that security policies and operational procedures for monitoring all access
diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml
index 8db6d14144e..a9b4b5c4aa4 100644
--- a/controls/pcidss_4.yml
+++ b/controls/pcidss_4.yml
@@ -2967,6 +2967,7 @@ controls:
 - auditd_data_retention_admin_space_left_action
 - auditd_data_retention_space_left
 - auditd_data_retention_space_left_action
+ - package_postfix_installed
 - package_logrotate_installed
 - timer_logrotate_enabled
 related_rules:
diff --git a/controls/srg_gpos/SRG-OS-000046-GPOS-00022.yml b/controls/srg_gpos/SRG-OS-000046-GPOS-00022.yml
index 43b058638ff..8d8807a384f 100644
--- a/controls/srg_gpos/SRG-OS-000046-GPOS-00022.yml
+++ b/controls/srg_gpos/SRG-OS-000046-GPOS-00022.yml
@@ -5,6 +5,7 @@ controls: title: {{{ full_name }}} must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. rules: + - package_postfix_installed - postfix_client_configure_mail_alias - postfix_client_configure_mail_alias_postmaster - var_postfix_root_mail_alias=mil_sysadmin
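Review bot: The new `- package_postfix_installed` entry in the controls/hipaa.yml hunk, and the identical additions in controls/pcidss_3.yml and controls/pcidss_4.yml, make an MTA a required package, yet nothing visible in these hunks keeps that MTA from accepting mail from the network. auditd's mail alerts only need local submission, so each of these controls should also select `postfix_network_listening_disabled` unless another control in the same file already does; the rest of each rules list lies outside the hunks, so this may already be covered. An installed package also does not guarantee delivery, and `service_postfix_enabled` is not selected in any of the three hunks.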
diff --git a/linux_os/guide/services/mail/package_postfix_installed/rule.yml b/linux_os/guide/services/mail/package_postfix_installed/rule.yml
index b00b209dec8..b621a631bb1 100644
--- a/linux_os/guide/services/mail/package_postfix_installed/rule.yml
+++ b/linux_os/guide/services/mail/package_postfix_installed/rule.yml
@@ -15,6 +15,7 @@ severity: medium identifiers: cce@rhel8: CCE-85983-5 cce@rhel9: CCE-85984-3 + cce@rhel10: CCE-86466-0 references: srg: SRG-OS-000046-GPOS-00022
diff --git a/products/rhel10/controls/cis_rhel10.yml b/products/rhel10/controls/cis_rhel10.yml
index 9ab136c4be7..ad7b1d5b63c 100644
--- a/products/rhel10/controls/cis_rhel10.yml
+++ b/products/rhel10/controls/cis_rhel10.yml
@@ -2621,8 +2621,11 @@ controls: - l2_workstation status: automated rules: + - auditd_data_retention_action_mail_acct - auditd_data_retention_admin_space_left_action - auditd_data_retention_space_left_action + - package_postfix_installed + - var_auditd_action_mail_acct=root - var_auditd_admin_space_left_action=cis_rhel10 - var_auditd_space_left_action=cis_rhel10
diff --git a/products/rhel9/controls/cis_rhel9.yml b/products/rhel9/controls/cis_rhel9.yml
index d96d8ad21fe..361de050056 100644
--- a/products/rhel9/controls/cis_rhel9.yml
+++ b/products/rhel9/controls/cis_rhel9.yml
@@ -2560,6 +2560,7 @@ controls:
 - auditd_data_retention_action_mail_acct
 - auditd_data_retention_admin_space_left_action
 - auditd_data_retention_space_left_action
+ - package_postfix_installed
 - var_auditd_action_mail_acct=root
 - var_auditd_admin_space_left_action=cis_rhel9
 - var_auditd_space_left_action=cis_rhel9
diff --git a/products/sle12/profiles/default.profile b/products/sle12/profiles/default.profile
index 0e63f6b8b0f..4a2db7bc6cd 100644
--- a/products/sle12/profiles/default.profile
+++ b/products/sle12/profiles/default.profile
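Review bot: In the products/rhel10/controls/cis_rhel10.yml hunk the alert recipient is set with `- var_auditd_action_mail_acct=root`, so audit-storage warnings land in root's local mailbox and reach a person only if that mailbox is forwarded or actually read. controls/srg_gpos/SRG-OS-000046-GPOS-00022.yml in this same commit pairs the package with `postfix_client_configure_mail_alias`; this control does not, and the same holds for the products/rhel9/controls/cis_rhel9.yml hunk. If the benchmark wording leaves no room for an alias rule, a comment above the rules would at least record the gap, for example `# root's mailbox is local; forwarding to a monitored address is left to the site`. The control's id and title sit above the hunk, so I cannot tell from here which benchmark item this is.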
@@ -33,7 +33,6 @@ selections:
 - sudo_vdsm_nopasswd
 - ntpd_configure_restrictions
 - fapolicyd_prevent_home_folder_access
- - package_postfix_installed
 - audit_privileged_commands_poweroff
 - accounts_password_pam_unix_rounds_password_auth
 - sudoers_no_root_target
diff --git a/products/sle12/profiles/pci-dss-4.profile b/products/sle12/profiles/pci-dss-4.profile
index 3dbc587bb6b..28a75d78edb 100644
--- a/products/sle12/profiles/pci-dss-4.profile
+++ b/products/sle12/profiles/pci-dss-4.profile
@@ -95,6 +95,7 @@ selections:
 - '!use_pam_wheel_for_su'
 - use_pam_wheel_group_for_su
 - var_pam_wheel_group_for_su=cis
+ - '!package_postfix_installed'
 # Following rules once had a prodtype incompatible with the sle12 product
 - '!set_firewalld_default_zone'
 - '!accounts_password_pam_dcredit'
diff --git a/products/sle12/profiles/pci-dss.profile b/products/sle12/profiles/pci-dss.profile
index 435a459c9ba..9ddae89654a 100644
--- a/products/sle12/profiles/pci-dss.profile
+++ b/products/sle12/profiles/pci-dss.profile
@@ -17,6 +17,7 @@ selections:
 - sshd_approved_ciphers=cis_sle12
 - var_multiple_time_servers=suse
 - var_multiple_time_pools=suse
+ - '!package_postfix_installed'
 # Exclude from PCI DISS profile all rules related to ntp and timesyncd and keep only
 # rules related to chrony
 - '!ntpd_specify_multiple_servers'
diff --git a/products/sle15/profiles/default.profile b/products/sle15/profiles/default.profile
index d43fc05c053..a89ecd426a7 100644
--- a/products/sle15/profiles/default.profile
+++ b/products/sle15/profiles/default.profile
@@ -27,7 +27,6 @@ selections:
 - sudo_vdsm_nopasswd
 - package_mcstrans_removed
 - fapolicyd_prevent_home_folder_access
- - package_postfix_installed
 - accounts_password_pam_unix_rounds_password_auth
 - audit_privileged_commands_poweroff
 - configure_etc_hosts_deny
diff --git a/products/sle15/profiles/pci-dss-4.profile b/products/sle15/profiles/pci-dss-4.profile
index 52bb158df27..103abd2ee32 100644
--- a/products/sle15/profiles/pci-dss-4.profile
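Review bot: The added `- '!package_postfix_installed'` in products/sle12/profiles/pci-dss-4.profile carries no comment saying why SLE opts out, and it sits directly above `# Following rules once had a prodtype incompatible with the sle12 product`, which does not describe it. The same uncommented exclusion is added in products/sle12/profiles/pci-dss.profile and products/sle15/profiles/pci-dss-4.profile. If these profiles still inherit `auditd_data_retention_action_mail_acct` from the PCI-DSS controls (it shares a rules list with the new entry in the controls/pcidss_3.yml hunk), they require mail alerts while no selected rule ensures an MTA is present; whether that rule is excluded elsewhere in the profiles is not visible here. If the opt-out is intended, I would state it next to the entry, e.g. `# postfix is not required on SLE; audit mail alerts rely on an MTA provided outside this profile`.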
+++ b/products/sle15/profiles/pci-dss-4.profile
@@ -20,6 +20,7 @@ selections:
 - var_multiple_time_servers=suse
 - var_multiple_time_pools=suse
 - audit_rules_enable_syscall_auditing
+ - '!package_postfix_installed'
 # Exclude from PCI DISS profile all rules related to ntp and timesyncd and keep only
 # rules related to chrony
 - '!ntpd_specify_multiple_servers'
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 1082be58ddc..7aa466c6da9 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -1,4 +1,3 @@
-CCE-86466-0
 CCE-86468-6
 CCE-86482-7
 CCE-86483-5
diff --git a/tests/data/profile_stability/rhel10/cis.profile b/tests/data/profile_stability/rhel10/cis.profile
index d59c4fb53bd..717fce52b98 100644
--- a/tests/data/profile_stability/rhel10/cis.profile
+++ b/tests/data/profile_stability/rhel10/cis.profile
@@ -116,6 +116,7 @@ audit_rules_usergroup_modification_shadow
 audit_sudo_log_events
 auditd_data_disk_error_action
 auditd_data_disk_full_action
+auditd_data_retention_action_mail_acct
 auditd_data_retention_admin_space_left_action
 auditd_data_retention_max_log_file
 auditd_data_retention_max_log_file_action
@@ -336,6 +337,7 @@ package_net-snmp_removed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_setroubleshoot_removed
@@ -469,6 +471,7 @@ var_accounts_passwords_pam_faillock_unlock_time=900
 var_accounts_tmout=15_min
 var_accounts_user_umask=027
 var_audit_backlog_limit=8192
+var_auditd_action_mail_acct=root
 var_auditd_admin_space_left_action=cis_rhel10
 var_auditd_disk_error_action=cis_rhel10
 var_auditd_disk_full_action=cis_rhel10
diff --git a/tests/data/profile_stability/rhel10/cis_workstation_l2.profile b/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
index 44b0fc37e7e..454336b989d 100644
--- a/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
+++ b/tests/data/profile_stability/rhel10/cis_workstation_l2.profile
@@ -116,6 +116,7 @@ audit_rules_usergroup_modification_shadow
 audit_sudo_log_events
 auditd_data_disk_error_action
 auditd_data_disk_full_action
+auditd_data_retention_action_mail_acct
 auditd_data_retention_admin_space_left_action
 auditd_data_retention_max_log_file
 auditd_data_retention_max_log_file_action
@@ -335,6 +336,7 @@ package_net-snmp_removed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_squid_removed
@@ -465,6 +467,7 @@ var_accounts_passwords_pam_faillock_unlock_time=900
 var_accounts_tmout=15_min
 var_accounts_user_umask=027
 var_audit_backlog_limit=8192
+var_auditd_action_mail_acct=root
 var_auditd_admin_space_left_action=cis_rhel10
 var_auditd_disk_error_action=cis_rhel10
 var_auditd_disk_full_action=cis_rhel10
diff --git a/tests/data/profile_stability/rhel10/hipaa.profile b/tests/data/profile_stability/rhel10/hipaa.profile
index 7462ce6fe3d..a02129b2974 100644
--- a/tests/data/profile_stability/rhel10/hipaa.profile
+++ b/tests/data/profile_stability/rhel10/hipaa.profile
@@ -118,6 +118,7 @@ no_direct_root_logins
 no_empty_passwords
 package_audit_installed
 package_cron_installed
+package_postfix_installed
 package_rsyslog_installed
 package_sequoia-sq_installed
 package_telnet-server_removed
diff --git a/tests/data/profile_stability/rhel10/pci-dss.profile b/tests/data/profile_stability/rhel10/pci-dss.profile
index 59838d7233f..b32c147507c 100644
--- a/tests/data/profile_stability/rhel10/pci-dss.profile
+++ b/tests/data/profile_stability/rhel10/pci-dss.profile
@@ -189,6 +189,7 @@ package_libselinux_installed
 package_logrotate_installed
 package_net-snmp_removed
 package_nftables_installed
+package_postfix_installed
 package_sequoia-sq_installed
 package_sudo_installed
 package_telnet-server_removed
diff --git a/tests/data/profile_stability/rhel10/stig.profile b/tests/data/profile_stability/rhel10/stig.profile
index dd157f79d28..427665f0a41 100644
--- a/tests/data/profile_stability/rhel10/stig.profile
+++ b/tests/data/profile_stability/rhel10/stig.profile
@@ -380,6 +380,7 @@ package_pcsc-lite-ccid_installed
 package_pcsc-lite_installed
 package_policycoreutils-python-utils_installed
 package_policycoreutils_installed
+package_postfix_installed
 package_rsyslog-gnutls_installed
 package_rsyslog_installed
 package_s-nail_installed
diff --git a/tests/data/profile_stability/rhel10/stig_gui.profile b/tests/data/profile_stability/rhel10/stig_gui.profile
index 22c29b3b1a4..d6feaa27551 100644
--- a/tests/data/profile_stability/rhel10/stig_gui.profile
+++ b/tests/data/profile_stability/rhel10/stig_gui.profile
@@ -377,6 +377,7 @@ package_pcsc-lite-ccid_installed
 package_pcsc-lite_installed
 package_policycoreutils-python-utils_installed
 package_policycoreutils_installed
+package_postfix_installed
 package_rsyslog-gnutls_installed
 package_rsyslog_installed
 package_s-nail_installed
diff --git a/tests/data/profile_stability/rhel8/hipaa.profile b/tests/data/profile_stability/rhel8/hipaa.profile
index de5673d6595..f4012d0aac0 100644
--- a/tests/data/profile_stability/rhel8/hipaa.profile
+++ b/tests/data/profile_stability/rhel8/hipaa.profile
@@ -94,6 +94,7 @@ libreswan_approved_tunnels
 no_direct_root_logins
 no_empty_passwords
 no_rsh_trust_files
+package_postfix_installed
 package_telnet-server_removed
 package_telnet_removed
 package_xinetd_removed
diff --git a/tests/data/profile_stability/rhel8/pci-dss.profile b/tests/data/profile_stability/rhel8/pci-dss.profile
index 63d1fba0c89..b43536a4615 100644
--- a/tests/data/profile_stability/rhel8/pci-dss.profile
+++ b/tests/data/profile_stability/rhel8/pci-dss.profile
@@ -190,6 +190,7 @@ package_libselinux_installed
 package_logrotate_installed
 package_net-snmp_removed
 package_nftables_installed
+package_postfix_installed
 package_sudo_installed
 package_telnet-server_removed
 package_telnet_removed
diff --git a/tests/data/profile_stability/rhel9/cis.profile b/tests/data/profile_stability/rhel9/cis.profile
index a2f7813238a..bae63639e1b 100644
--- a/tests/data/profile_stability/rhel9/cis.profile
+++ b/tests/data/profile_stability/rhel9/cis.profile
@@ -306,6 +306,7 @@ package_nftables_installed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_setroubleshoot_removed
diff --git a/tests/data/profile_stability/rhel9/cis_workstation_l2.profile b/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
index 4e0da9c5fe6..5947b745342 100644
--- a/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
+++ b/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
@@ -305,6 +305,7 @@ package_nftables_installed
 package_nginx_removed
 package_openldap-clients_removed
 package_pam_pwquality_installed
+package_postfix_installed
 package_rsync_removed
 package_samba_removed
 package_squid_removed
diff --git a/tests/data/profile_stability/rhel9/hipaa.profile b/tests/data/profile_stability/rhel9/hipaa.profile
index 054de5d28e2..d8557b3d303 100644
--- a/tests/data/profile_stability/rhel9/hipaa.profile
+++ b/tests/data/profile_stability/rhel9/hipaa.profile
@@ -93,6 +93,7 @@ no_direct_root_logins
 no_empty_passwords
 no_rsh_trust_files
 package_cron_installed
+package_postfix_installed
 package_telnet-server_removed
 package_telnet_removed
 require_singleuser_auth
diff --git a/tests/data/profile_stability/rhel9/pci-dss.profile b/tests/data/profile_stability/rhel9/pci-dss.profile
index e5a9965c2d2..1541a33e864 100644
--- a/tests/data/profile_stability/rhel9/pci-dss.profile
+++ b/tests/data/profile_stability/rhel9/pci-dss.profile
@@ -188,6 +188,7 @@ package_libselinux_installed
 package_logrotate_installed
 package_net-snmp_removed
 package_nftables_installed
+package_postfix_installed
 package_sudo_installed
 package_telnet-server_removed
 package_telnet_removed