The "s-nail" package provides the mail command required to allow sending email notifications of unauthorized configuration changes to designated personnel.
Check
Verify Amazon Linux 2023 has the "s-nail" package is installed on the system with the following command:
$ dnf list --installed s-nail Installed Packages s-nail.x86_64 14.9.24-6.amzn2023 @amazonlinux
If the "s-nail" package is not installed, this is a finding.
Fix
Configure Amazon Linux 2023 to have the s-nail package installed with the following command: