|
 |
fe0dde |
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml
|
|
|
fe0dde |
deleted file mode 100644
|
|
|
fe0dde |
index 1ac70e5aeb..0000000000
|
|
|
fe0dde |
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml
|
|
|
fe0dde |
+++ /dev/null
|
|
|
fe0dde |
@@ -1,21 +0,0 @@
|
|
|
fe0dde |
-<def-group>
|
|
|
fe0dde |
-
|
|
|
fe0dde |
- version="1">
|
|
|
fe0dde |
- {{{ oval_metadata("Install the McAfee Host Intrusion Prevention System (HIPS) Module if it is absolutely necessary. If SELinux is enabled, do not install or enable this module.",
|
|
|
fe0dde |
- affected_platforms=["multi_platform_all"]) }}}
|
|
|
fe0dde |
- <criteria>
|
|
|
fe0dde |
-
|
|
|
fe0dde |
- test_ref="test_mcafee_hbss_hips_installed" />
|
|
|
fe0dde |
- </criteria>
|
|
|
fe0dde |
- </definition>
|
|
|
fe0dde |
-
|
|
|
fe0dde |
-
|
|
|
fe0dde |
- id="test_mcafee_hbss_hips_installed" version="1"
|
|
|
fe0dde |
- comment="McAfee IPS is installed">
|
|
|
fe0dde |
- <linux:object object_ref="obj_mcafee_hbss_hips_installed" />
|
|
|
fe0dde |
- </linux:rpminfo_test>
|
|
|
fe0dde |
- <linux:rpminfo_object id="obj_mcafee_hbss_hips_installed" version="1">
|
|
|
fe0dde |
- <linux:name>MFEhiplsm</linux:name>
|
|
|
fe0dde |
- </linux:rpminfo_object>
|
|
|
fe0dde |
-
|
|
|
fe0dde |
-</def-group>
|
|
|
fe0dde |
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
|
|
|
fe0dde |
similarity index 88%
|
|
|
fe0dde |
rename from linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml
|
|
|
fe0dde |
rename to linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
|
|
|
fe0dde |
index 459a656d40..00e5f12873 100644
|
|
|
fe0dde |
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml
|
|
|
fe0dde |
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
|
|
|
fe0dde |
@@ -1,6 +1,6 @@
|
|
|
fe0dde |
documentation_complete: true
|
|
|
fe0dde |
|
|
|
fe0dde |
-prodtype: rhel7,rhel8
|
|
|
fe0dde |
+prodtype: fedora,rhel6,rhel7,rhel8,rhv4
|
|
|
fe0dde |
|
|
|
fe0dde |
title: 'Install the Host Intrusion Prevention System (HIPS) Module'
|
|
|
fe0dde |
|
|
|
fe0dde |
@@ -24,12 +24,13 @@ references:
|
|
|
fe0dde |
nist: CM-6(a)
|
|
|
fe0dde |
nist-csf: DE.AE-1,DE.AE-2,DE.AE-3,DE.AE-4,DE.CM-1,DE.CM-5,DE.CM-6,DE.CM-7,DE.DP-2,DE.DP-3,DE.DP-4,DE.DP-5,ID.RA-1,PR.AC-5,PR.DS-5,PR.IP-8,PR.PT-4,RS.AN-1,RS.CO-3
|
|
|
fe0dde |
pcidss: Req-11.4
|
|
|
fe0dde |
- srg: STG-OS-000480-GPOS-00227
|
|
|
fe0dde |
+ srg: SRG-OS-000480-GPOS-00227,SRG-OS-000196
|
|
|
fe0dde |
isa-62443-2013: 'SR 2.10,SR 2.11,SR 2.12,SR 2.4,SR 2.8,SR 2.9,SR 3.1,SR 3.3,SR 3.5,SR 3.8,SR 3.9,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
|
|
|
fe0dde |
isa-62443-2009: 4.2.3,4.2.3.12,4.2.3.7,4.2.3.9,4.3.3.4,4.3.4.5.2,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.3.4.5.9,4.4.3.2,4.4.3.3,4.4.3.4
|
|
|
fe0dde |
cobit5: APO01.06,APO07.06,APO08.04,APO10.05,APO11.06,APO12.01,APO12.02,APO12.03,APO12.04,APO12.06,APO13.01,APO13.02,BAI08.02,BAI08.04,DSS01.03,DSS01.05,DSS02.04,DSS02.05,DSS02.07,DSS03.01,DSS03.04,DSS03.05,DSS04.05,DSS05.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.01,DSS06.02,MEA03.03,MEA03.04
|
|
|
fe0dde |
iso27001-2013: 'A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.12.4.1,A.12.4.3,A.12.5.1,A.12.6.1,A.12.6.2,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.7,A.14.2.8,A.15.2.1,A.16.1.1,A.16.1.2,A.16.1.3,A.16.1.4,A.16.1.5,A.16.1.6,A.16.1.7,A.18.1.4,A.18.2.2,A.18.2.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5,Clause 16.1.2,Clause 7.4'
|
|
|
fe0dde |
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
|
|
|
fe0dde |
+ stigid@rhel7: RHEL-07-020019
|
|
|
fe0dde |
|
|
|
fe0dde |
ocil_clause: 'the HBSS HIPS module is not installed'
|
|
|
fe0dde |
|
|
|
fe0dde |
@@ -37,6 +38,9 @@ ocil: |-
|
|
|
fe0dde |
To verify that McAfee HIPS is installed, run the following command(s):
|
|
|
fe0dde |
$ rpm -q MFEhiplsm
|
|
|
fe0dde |
|
|
|
fe0dde |
+conflicts:
|
|
|
fe0dde |
+ - selinux_state
|
|
|
fe0dde |
+
|
|
|
fe0dde |
warnings:
|
|
|
fe0dde |
- functionality: |-
|
|
|
fe0dde |
Installing and enabling this module conflicts with SELinux.
|
|
|
fe0dde |
@@ -44,3 +48,14 @@ warnings:
|
|
|
fe0dde |
- general: |-
|
|
|
fe0dde |
Due to McAfee HIPS being 3rd party software, automated
|
|
|
fe0dde |
remediation is not available for this configuration check.
|
|
|
fe0dde |
+
|
|
|
fe0dde |
+template:
|
|
|
fe0dde |
+ name: package_installed
|
|
|
fe0dde |
+ vars:
|
|
|
fe0dde |
+ pkgname: MFEhiplsm
|
|
|
fe0dde |
+ backends:
|
|
|
fe0dde |
+ anaconda: "off"
|
|
|
fe0dde |
+ ansible: "off"
|
|
|
fe0dde |
+ bash: "off"
|
|
|
fe0dde |
+ puppet: "off"
|
|
|
fe0dde |
+
|
|
|
fe0dde |
diff --git a/rhel7/profiles/stig.profile b/rhel7/profiles/stig.profile
|
|
|
fe0dde |
index 9033e433d8..f9f3e94e2a 100644
|
|
|
fe0dde |
--- a/rhel7/profiles/stig.profile
|
|
|
fe0dde |
+++ b/rhel7/profiles/stig.profile
|
|
|
fe0dde |
@@ -308,3 +308,4 @@ selections:
|
|
|
fe0dde |
- mount_option_dev_shm_noexec
|
|
|
fe0dde |
- mount_option_dev_shm_nosuid
|
|
|
fe0dde |
- audit_rules_privileged_commands_mount
|
|
|
fe0dde |
+ - package_MFEhiplsm_installed
|
|
|
fe0dde |
diff --git a/shared/checks/oval/install_mcafee_hbss.xml b/shared/checks/oval/install_mcafee_hbss.xml
|
|
|
fe0dde |
index 8ae73ecffc..e0fc31d760 100644
|
|
|
fe0dde |
--- a/shared/checks/oval/install_mcafee_hbss.xml
|
|
|
fe0dde |
+++ b/shared/checks/oval/install_mcafee_hbss.xml
|
|
|
fe0dde |
@@ -12,7 +12,7 @@
|
|
|
fe0dde |
<criteria operator="AND">
|
|
|
fe0dde |
<extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_cma_rt" />
|
|
|
fe0dde |
<extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_hbss_accm" />
|
|
|
fe0dde |
- <extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_hbss_hips" />
|
|
|
fe0dde |
+ <extend_definition comment="McAfee HBSS" definition_ref="package_MFEhiplsm_installed" />
|
|
|
fe0dde |
<extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_hbss_pa" />
|
|
|
fe0dde |
</criteria>
|
|
|
fe0dde |
</definition>
|