Add rule for package python3-dnf removed

Author: yuumasato

components/dnf.yml

@@ -2,6 +2,7 @@ name: dnf
 packages:
 - dnf
 - dnf-automatic
+- python3-dnf
 - dnf-plugin-subscription-manager
 - libdnf-plugin-subscription-manager
 rules:

linux_os/guide/system/software/system-tools/package_python3-dnf_removed/rule.yml

@@ -0,0 +1,34 @@
+documentation_complete: true
+
+
+title: 'Uninstall python3-dnf Package'
+
+description: |-
+    The <tt>python3-dnf</tt> package provides Python bindings for installing, updating,
+    and removing software on Linux systems.
+    {{{ describe_package_remove(package="python3-dnf") }}}
+
+rationale: |-
+    Retaining the <tt>python3-dnf</tt> package can introduce risks by allowing direct
+    package installation, which may compromise system integrity and increase the attack
+    surface.
+
+severity: medium
+
+identifiers:
+    cce@rhcos4: CCE-86468-6
+
+references:
+    nist: CM-7(a),CM-7(b),CM-6(a)
+
+{{{ complete_ocil_entry_package(package="python3-dnf") }}}
+
+fixtext: '{{{ fixtext_package_removed(package="python3-dnf") }}}'
+
+srg_requirement: |-
+    The python3-dnf package must not be installed unless mission essential on {{{ full_name }}}.
+
+template:
+    name: package_removed
+    vars:
+        pkgname: python3-dnf

products/rhcos4/profiles/default.profile

@@ -291,3 +291,4 @@ selections:
     - audit_rules_mac_modification_etc_selinux
     - audit_rules_login_events_faillog
     - package_at_removed
+    - package_python3-dnf_removed

shared/references/cce-redhat-avail.txt

@@ -1,4 +1,3 @@
-CCE-86468-6
 CCE-86482-7
 CCE-86483-5
 CCE-86484-3