From bd64cc2f2dddcd4a33aac8b8dd73633303debbde Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Wed, 15 Jan 2025 10:11:37 +0100
Subject: [PATCH] change control files to add the new rule

---
 controls/anssi.yml      | 4 ++++
 controls/cis_rhel10.yml | 2 +-
 controls/hipaa.yml      | 4 ++++
 controls/pcidss_4.yml   | 4 ++++
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/controls/anssi.yml b/controls/anssi.yml
index a03a06d56412..0f120144c043 100644
--- a/controls/anssi.yml
+++ b/controls/anssi.yml
@@ -1517,7 +1517,11 @@ controls:
     - audit_rules_time_stime
     - audit_rules_time_watch_localtime
 
+    {{% if product == "rhel10" %}}
+    - audit_rules_mac_modification_etc_selinux
+    {{% else %}}
     - audit_rules_mac_modification
+    {{% endif %}}
 
     - audit_rules_networkconfig_modification
 
diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml
index 1bcbaf0407a8..c1a95318f733 100644
--- a/controls/cis_rhel10.yml
+++ b/controls/cis_rhel10.yml
@@ -2650,7 +2650,7 @@ controls:
       - l2_workstation
     status: automated
     rules:
-      - audit_rules_mac_modification
+      - audit_rules_mac_modification_etc_selinux
       - audit_rules_mac_modification_usr_share
 
   - id: 6.3.3.15
diff --git a/controls/hipaa.yml b/controls/hipaa.yml
index 6faea5caac46..a6a745bed1ce 100644
--- a/controls/hipaa.yml
+++ b/controls/hipaa.yml
@@ -117,7 +117,11 @@ controls:
             - audit_rules_privileged_commands_unix_chkpwd
             - audit_rules_privileged_commands_userhelper
             - audit_rules_immutable
+            {{% if product == "rhel10" %}}
+            - audit_rules_mac_modification_etc_selinux
+            {{% else %}}
             - audit_rules_mac_modification
+            {{% endif %}}
             - audit_rules_mac_modification_usr_share
             - audit_rules_media_export
             - audit_rules_networkconfig_modification
diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml
index 17b688dfab6a..fda526939b08 100644
--- a/controls/pcidss_4.yml
+++ b/controls/pcidss_4.yml
@@ -2858,7 +2858,11 @@ controls:
         - base
       status: automated
       rules:
+        {{% if product == "rhel10" %}}
+        - audit_rules_mac_modification_etc_selinux
+        {{% else %}}
         - audit_rules_mac_modification
+        {{% endif %}}
         - audit_rules_dac_modification_chmod
         - audit_rules_dac_modification_chown
         - audit_rules_dac_modification_fchmod