Blob Blame History Raw
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml
deleted file mode 100644
index 1ac70e5aeb..0000000000
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<def-group>
-  <definition class="compliance" id="install_mcafee_hbss_hips"
-  version="1">
-	  {{{ oval_metadata("Install the McAfee Host Intrusion Prevention System (HIPS) Module if it is absolutely necessary. If SELinux is enabled, do not install or enable this module.",
-	  affected_platforms=["multi_platform_all"]) }}}
-    <criteria>
-      <criterion comment="McAfee IPS  is installed"
-      test_ref="test_mcafee_hbss_hips_installed" />
-    </criteria>
-  </definition>
-
-  <linux:rpminfo_test check="all" check_existence="all_exist"
-  id="test_mcafee_hbss_hips_installed" version="1"
-  comment="McAfee IPS is installed">
-    <linux:object object_ref="obj_mcafee_hbss_hips_installed" />
-  </linux:rpminfo_test>
-  <linux:rpminfo_object id="obj_mcafee_hbss_hips_installed" version="1">
-    <linux:name>MFEhiplsm</linux:name>
-  </linux:rpminfo_object>
-
-</def-group>
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
similarity index 88%
rename from linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml
rename to linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
index 459a656d40..00e5f12873 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8
+prodtype: fedora,rhel6,rhel7,rhel8,rhv4
 
 title: 'Install the Host Intrusion Prevention System (HIPS) Module'
 
@@ -24,12 +24,13 @@ references:
     nist: CM-6(a)
     nist-csf: DE.AE-1,DE.AE-2,DE.AE-3,DE.AE-4,DE.CM-1,DE.CM-5,DE.CM-6,DE.CM-7,DE.DP-2,DE.DP-3,DE.DP-4,DE.DP-5,ID.RA-1,PR.AC-5,PR.DS-5,PR.IP-8,PR.PT-4,RS.AN-1,RS.CO-3
     pcidss: Req-11.4
-    srg: STG-OS-000480-GPOS-00227
+    srg: SRG-OS-000480-GPOS-00227,SRG-OS-000196
     isa-62443-2013: 'SR 2.10,SR 2.11,SR 2.12,SR 2.4,SR 2.8,SR 2.9,SR 3.1,SR 3.3,SR 3.5,SR 3.8,SR 3.9,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3,4.2.3.12,4.2.3.7,4.2.3.9,4.3.3.4,4.3.4.5.2,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.3.4.5.9,4.4.3.2,4.4.3.3,4.4.3.4
     cobit5: APO01.06,APO07.06,APO08.04,APO10.05,APO11.06,APO12.01,APO12.02,APO12.03,APO12.04,APO12.06,APO13.01,APO13.02,BAI08.02,BAI08.04,DSS01.03,DSS01.05,DSS02.04,DSS02.05,DSS02.07,DSS03.01,DSS03.04,DSS03.05,DSS04.05,DSS05.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.01,DSS06.02,MEA03.03,MEA03.04
     iso27001-2013: 'A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.12.4.1,A.12.4.3,A.12.5.1,A.12.6.1,A.12.6.2,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.7,A.14.2.8,A.15.2.1,A.16.1.1,A.16.1.2,A.16.1.3,A.16.1.4,A.16.1.5,A.16.1.6,A.16.1.7,A.18.1.4,A.18.2.2,A.18.2.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5,Clause 16.1.2,Clause 7.4'
     cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
+    stigid@rhel7: RHEL-07-020019
 
 ocil_clause: 'the HBSS HIPS module is not installed'
 
@@ -37,6 +38,9 @@ ocil: |-
     To verify that McAfee HIPS is installed, run the following command(s):
     <pre>$ rpm -q MFEhiplsm</pre>
 
+conflicts:
+    - selinux_state
+
 warnings:
     - functionality: |-
         Installing and enabling this module conflicts with SELinux.
@@ -44,3 +48,14 @@ warnings:
     - general: |-
         Due to McAfee HIPS being 3rd party software, automated
         remediation is not available for this configuration check.
+
+template:
+    name: package_installed
+    vars:
+        pkgname: MFEhiplsm
+    backends:
+        anaconda: "off"
+        ansible: "off"
+        bash: "off"
+        puppet: "off"
+
diff --git a/rhel7/profiles/stig.profile b/rhel7/profiles/stig.profile
index 9033e433d8..f9f3e94e2a 100644
--- a/rhel7/profiles/stig.profile
+++ b/rhel7/profiles/stig.profile
@@ -308,3 +308,4 @@ selections:
     - mount_option_dev_shm_noexec
     - mount_option_dev_shm_nosuid
     - audit_rules_privileged_commands_mount
+    - package_MFEhiplsm_installed
diff --git a/shared/checks/oval/install_mcafee_hbss.xml b/shared/checks/oval/install_mcafee_hbss.xml
index 8ae73ecffc..e0fc31d760 100644
--- a/shared/checks/oval/install_mcafee_hbss.xml
+++ b/shared/checks/oval/install_mcafee_hbss.xml
@@ -12,7 +12,7 @@
     <criteria operator="AND">
       <extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_cma_rt" />
       <extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_hbss_accm" />
-      <extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_hbss_hips" />
+      <extend_definition comment="McAfee HBSS" definition_ref="package_MFEhiplsm_installed" />
       <extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_hbss_pa" />
     </criteria>
   </definition>