You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
92 lines
2.7 KiB
92 lines
2.7 KiB
10 months ago
|
From d98cffdc7ebd3c266e71ead933d401188ef0d66a Mon Sep 17 00:00:00 2001
|
||
|
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
||
|
Date: Tue, 5 Dec 2023 16:05:37 +0100
|
||
|
Subject: [PATCH 07/14] Add rule `package_s-nail-installed`
|
||
|
|
||
|
Patch-name: scap-security-guide-0.1.70-add_package_smail_installed-PR_11144.patch
|
||
|
Patch-status: Add rule `package_s-nail-installed`
|
||
|
---
|
||
|
components/s-nail.yml | 5 +++
|
||
|
.../srg_gpos/SRG-OS-000363-GPOS-00150.yml | 1 +
|
||
|
.../mail/package_s-nail_installed/rule.yml | 33 +++++++++++++++++++
|
||
|
shared/references/cce-redhat-avail.txt | 1 -
|
||
|
4 files changed, 39 insertions(+), 1 deletion(-)
|
||
|
create mode 100644 components/s-nail.yml
|
||
|
create mode 100644 linux_os/guide/services/mail/package_s-nail_installed/rule.yml
|
||
|
|
||
|
diff --git a/components/s-nail.yml b/components/s-nail.yml
|
||
|
new file mode 100644
|
||
|
index 0000000000..d93f8c52dc
|
||
|
--- /dev/null
|
||
|
+++ b/components/s-nail.yml
|
||
|
@@ -0,0 +1,5 @@
|
||
|
+name: s-nail
|
||
|
+packages:
|
||
|
+- s-nail
|
||
|
+rules:
|
||
|
+- package_s-nail_installed
|
||
|
diff --git a/controls/srg_gpos/SRG-OS-000363-GPOS-00150.yml b/controls/srg_gpos/SRG-OS-000363-GPOS-00150.yml
|
||
|
index 3ffba82f03..05a10a2304 100644
|
||
|
--- a/controls/srg_gpos/SRG-OS-000363-GPOS-00150.yml
|
||
|
+++ b/controls/srg_gpos/SRG-OS-000363-GPOS-00150.yml
|
||
|
@@ -7,4 +7,5 @@ controls:
|
||
|
rules:
|
||
|
- aide_periodic_cron_checking
|
||
|
- package_aide_installed
|
||
|
+ - package_s-nail_installed
|
||
|
status: automated
|
||
|
diff --git a/linux_os/guide/services/mail/package_s-nail_installed/rule.yml b/linux_os/guide/services/mail/package_s-nail_installed/rule.yml
|
||
|
new file mode 100644
|
||
|
index 0000000000..e14fbc9f35
|
||
|
--- /dev/null
|
||
|
+++ b/linux_os/guide/services/mail/package_s-nail_installed/rule.yml
|
||
|
@@ -0,0 +1,33 @@
|
||
|
+documentation_complete: true
|
||
|
+
|
||
|
+prodtype: rhel9
|
||
|
+
|
||
|
+title: 'The s-nail Package Is Installed'
|
||
|
+
|
||
|
+description: |-
|
||
|
+ A mail server is required for sending emails.
|
||
|
+ {{{ describe_package_install(package="s-nail") }}}
|
||
|
+
|
||
|
+rationale: |-
|
||
|
+ Emails can be used to notify designated personnel about important
|
||
|
+ system events such as failures or warnings.
|
||
|
+
|
||
|
+severity: medium
|
||
|
+
|
||
|
+identifiers:
|
||
|
+ cce@rhel9: CCE-86608-7
|
||
|
+
|
||
|
+references:
|
||
|
+ disa: CCI-001744
|
||
|
+ nist: CM-3(5)
|
||
|
+ srg: SRG-OS-000363-GPOS-00150
|
||
|
+
|
||
|
+ocil_clause: 'the package is not installed'
|
||
|
+
|
||
|
+ocil: '{{{ ocil_package(package="s-nail") }}}'
|
||
|
+
|
||
|
+template:
|
||
|
+ name: package_installed
|
||
|
+ vars:
|
||
|
+ pkgname: s-nail
|
||
|
+
|
||
|
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
|
||
|
index ef6afd3fbe..538d9d488d 100644
|
||
|
--- a/shared/references/cce-redhat-avail.txt
|
||
|
+++ b/shared/references/cce-redhat-avail.txt
|
||
|
@@ -315,7 +315,6 @@ CCE-86604-6
|
||
|
CCE-86605-3
|
||
|
CCE-86606-1
|
||
|
CCE-86607-9
|
||
|
-CCE-86608-7
|
||
|
CCE-86609-5
|
||
|
CCE-86610-3
|
||
|
CCE-86612-9
|
||
|
--
|
||
|
2.43.0
|
||
|
|