Add postfix package requirement and audit retention controls to multiple profile controls by Arden97 · Pull Request #14612 · ComplianceAsCode/content

Arden97 · 2026-04-02T09:19:20Z

Description:

Fixing auditd email-related error for cis, pci-dss, stig and hipaa profiles

Rationale:

We have to ensure that proper mail transfer agent is installed on system by adding package_postfix_installed rule to profile controls
This PR also reverses changes in Remove auditd_data_retention_action_mail_acct from RHEL 10 CIS #14082, because cis_* option for var_auditd_space_left_action still allows email value for space_left_action in /etc/audit/auditd.conf.
Fixes auditd complains that /usr/lib/sendmail is not executable after hardening #14560

Review Hints:

use atex to reserve testing environment and run /scanning/boot-errors/ test for updated profiles

openshift-ci · 2026-04-02T09:19:24Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

Mab879 · 2026-04-03T15:47:06Z

@ComplianceAsCode/suse-maintainers can you please take a look as well?

teacup-on-rockingchair · 2026-04-06T13:57:46Z

linux_os/guide/services/mail/package_postfix_installed/rule.yml

    cce@rhel8: CCE-85983-5
    cce@rhel9: CCE-85984-3
    cce@rhel10: CCE-86466-0
+    cce@sle12: CCE-92326-8


I would rather remove that rule from the default profile than wasting a CCE on it for now. Can you please remove those?

Arden97 added 2 commits April 1, 2026 19:17

add auditd_data_retention_action_mail_acct for cis rhel 10

583ff1a

add package_postfix_installed to multiple controls

3d1a3d6

openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Apr 2, 2026

Arden97 added this to the 0.1.81 milestone Apr 2, 2026

Arden97 force-pushed the fix_14560 branch from 9985c8b to 7fae392 Compare April 2, 2026 10:39

update profile stability for cis, hipaa, pcidss

cae6a6e

Arden97 force-pushed the fix_14560 branch from 7fae392 to f274eeb Compare April 2, 2026 12:00

Arden97 marked this pull request as ready for review April 3, 2026 10:18

Arden97 requested review from a team, Mab879, jan-cerny, matusmarhefka and vojtapolasek as code owners April 3, 2026 10:18

openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Apr 3, 2026

Mab879 self-assigned this Apr 3, 2026

Mab879 approved these changes Apr 3, 2026

View reviewed changes

teacup-on-rockingchair requested changes Apr 6, 2026

View reviewed changes

removing package_postfix_installed from sle12, sle15 defaults

17c4c3c

Arden97 force-pushed the fix_14560 branch from f274eeb to 17c4c3c Compare April 7, 2026 08:54

Arden97 requested a review from a team as a code owner April 7, 2026 08:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add postfix package requirement and audit retention controls to multiple profile controls#14612

Add postfix package requirement and audit retention controls to multiple profile controls#14612
Arden97 wants to merge 4 commits intoComplianceAsCode:masterfrom
Arden97:fix_14560

Arden97 commented Apr 2, 2026 •

edited

Loading

Uh oh!

openshift-ci bot commented Apr 2, 2026

Uh oh!

Mab879 commented Apr 3, 2026

Uh oh!

teacup-on-rockingchair Apr 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

Arden97 commented Apr 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description:

Rationale:

Review Hints:

Uh oh!

openshift-ci bot commented Apr 2, 2026

Uh oh!

Mab879 commented Apr 3, 2026

Uh oh!

teacup-on-rockingchair Apr 6, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Arden97 commented Apr 2, 2026 •

edited

Loading