From de507f4aaa2d1e95cdc058fad3f8e47da00db878 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Tue, 26 Sep 2023 11:56:06 -0500 Subject: [PATCH 1/2] Add rule package_s-nail_installed --- components/s-nail.yml | 5 +++ .../mail/package_s-nail_installed/rule.yml | 33 +++++++++++++++++++ shared/references/cce-redhat-avail.txt | 1 - 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 components/s-nail.yml create mode 100644 linux_os/guide/services/mail/package_s-nail_installed/rule.yml diff --git a/components/s-nail.yml b/components/s-nail.yml new file mode 100644 index 00000000000..d93f8c52dc9 --- /dev/null +++ b/components/s-nail.yml @@ -0,0 +1,5 @@ +name: s-nail +packages: +- s-nail +rules: +- package_s-nail_installed diff --git a/linux_os/guide/services/mail/package_s-nail_installed/rule.yml b/linux_os/guide/services/mail/package_s-nail_installed/rule.yml new file mode 100644 index 00000000000..e14fbc9f357 --- /dev/null +++ b/linux_os/guide/services/mail/package_s-nail_installed/rule.yml @@ -0,0 +1,33 @@ +documentation_complete: true + +prodtype: rhel9 + +title: 'The s-nail Package Is Installed' + +description: |- + A mail server is required for sending emails. + {{{ describe_package_install(package="s-nail") }}} + +rationale: |- + Emails can be used to notify designated personnel about important + system events such as failures or warnings. + +severity: medium + +identifiers: + cce@rhel9: CCE-86608-7 + +references: + disa: CCI-001744 + nist: CM-3(5) + srg: SRG-OS-000363-GPOS-00150 + +ocil_clause: 'the package is not installed' + +ocil: '{{{ ocil_package(package="s-nail") }}}' + +template: + name: package_installed + vars: + pkgname: s-nail + diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt index 1e1308c3642..af285b56d2e 100644 --- a/shared/references/cce-redhat-avail.txt +++ b/shared/references/cce-redhat-avail.txt @@ -309,7 +309,6 @@ CCE-86604-6 CCE-86605-3 CCE-86606-1 CCE-86607-9 -CCE-86608-7 CCE-86609-5 CCE-86610-3 CCE-86613-7 From f1c04ed5527c226104e7f5939b4da06ab3424017 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Tue, 26 Sep 2023 11:56:53 -0500 Subject: [PATCH 2/2] Add package_s-nail_installed to SRG GPOS control --- controls/srg_gpos/SRG-OS-000363-GPOS-00150.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/controls/srg_gpos/SRG-OS-000363-GPOS-00150.yml b/controls/srg_gpos/SRG-OS-000363-GPOS-00150.yml index 3ffba82f035..05a10a23044 100644 --- a/controls/srg_gpos/SRG-OS-000363-GPOS-00150.yml +++ b/controls/srg_gpos/SRG-OS-000363-GPOS-00150.yml @@ -7,4 +7,5 @@ controls: rules: - aide_periodic_cron_checking - package_aide_installed + - package_s-nail_installed status: automated