diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml
deleted file mode 100644
index 1ac70e5aeb..0000000000
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<def-group>
- <definition class="compliance" id="install_mcafee_hbss_hips"
- version="1">
- {{{ oval_metadata("Install the McAfee Host Intrusion Prevention System (HIPS) Module if it is absolutely necessary. If SELinux is enabled, do not install or enable this module.",
- affected_platforms=["multi_platform_all"]) }}}
- <criteria>
- <criterion comment="McAfee IPS is installed"
- test_ref="test_mcafee_hbss_hips_installed" />
- </criteria>
- </definition>
-
- <linux:rpminfo_test check="all" check_existence="all_exist"
- id="test_mcafee_hbss_hips_installed" version="1"
- comment="McAfee IPS is installed">
- <linux:object object_ref="obj_mcafee_hbss_hips_installed" />
- </linux:rpminfo_test>
- <linux:rpminfo_object id="obj_mcafee_hbss_hips_installed" version="1">
- <linux:name>MFEhiplsm</linux:name>
- </linux:rpminfo_object>
-
-</def-group>
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
similarity index 88%
rename from linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml
rename to linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
index 459a656d40..00e5f12873 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8
+prodtype: fedora,rhel6,rhel7,rhel8,rhv4
title: 'Install the Host Intrusion Prevention System (HIPS) Module'
@@ -24,12 +24,13 @@ references:
nist: CM-6(a)
nist-csf: DE.AE-1,DE.AE-2,DE.AE-3,DE.AE-4,DE.CM-1,DE.CM-5,DE.CM-6,DE.CM-7,DE.DP-2,DE.DP-3,DE.DP-4,DE.DP-5,ID.RA-1,PR.AC-5,PR.DS-5,PR.IP-8,PR.PT-4,RS.AN-1,RS.CO-3
pcidss: Req-11.4
- srg: STG-OS-000480-GPOS-00227
+ srg: SRG-OS-000480-GPOS-00227,SRG-OS-000196
isa-62443-2013: 'SR 2.10,SR 2.11,SR 2.12,SR 2.4,SR 2.8,SR 2.9,SR 3.1,SR 3.3,SR 3.5,SR 3.8,SR 3.9,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
isa-62443-2009: 4.2.3,4.2.3.12,4.2.3.7,4.2.3.9,4.3.3.4,4.3.4.5.2,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.3.4.5.9,4.4.3.2,4.4.3.3,4.4.3.4
cobit5: APO01.06,APO07.06,APO08.04,APO10.05,APO11.06,APO12.01,APO12.02,APO12.03,APO12.04,APO12.06,APO13.01,APO13.02,BAI08.02,BAI08.04,DSS01.03,DSS01.05,DSS02.04,DSS02.05,DSS02.07,DSS03.01,DSS03.04,DSS03.05,DSS04.05,DSS05.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.01,DSS06.02,MEA03.03,MEA03.04
iso27001-2013: 'A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.12.4.1,A.12.4.3,A.12.5.1,A.12.6.1,A.12.6.2,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.7,A.14.2.8,A.15.2.1,A.16.1.1,A.16.1.2,A.16.1.3,A.16.1.4,A.16.1.5,A.16.1.6,A.16.1.7,A.18.1.4,A.18.2.2,A.18.2.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5,Clause 16.1.2,Clause 7.4'
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
+ stigid@rhel7: RHEL-07-020019
ocil_clause: 'the HBSS HIPS module is not installed'
@@ -37,6 +38,9 @@ ocil: |-
To verify that McAfee HIPS is installed, run the following command(s):
<pre>$ rpm -q MFEhiplsm</pre>
+conflicts:
+ - selinux_state
+
warnings:
- functionality: |-
Installing and enabling this module conflicts with SELinux.
@@ -44,3 +48,14 @@ warnings:
- general: |-
Due to McAfee HIPS being 3rd party software, automated
remediation is not available for this configuration check.
+
+template:
+ name: package_installed
+ vars:
+ pkgname: MFEhiplsm
+ backends:
+ anaconda: "off"
+ ansible: "off"
+ bash: "off"
+ puppet: "off"
+
diff --git a/rhel7/profiles/stig.profile b/rhel7/profiles/stig.profile
index 9033e433d8..f9f3e94e2a 100644
--- a/rhel7/profiles/stig.profile
+++ b/rhel7/profiles/stig.profile
@@ -308,3 +308,4 @@ selections:
- mount_option_dev_shm_noexec
- mount_option_dev_shm_nosuid
- audit_rules_privileged_commands_mount
+ - package_MFEhiplsm_installed
diff --git a/shared/checks/oval/install_mcafee_hbss.xml b/shared/checks/oval/install_mcafee_hbss.xml
index 8ae73ecffc..e0fc31d760 100644
--- a/shared/checks/oval/install_mcafee_hbss.xml
+++ b/shared/checks/oval/install_mcafee_hbss.xml
@@ -12,7 +12,7 @@
<criteria operator="AND">
<extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_cma_rt" />
<extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_hbss_accm" />
- <extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_hbss_hips" />
+ <extend_definition comment="McAfee HBSS" definition_ref="package_MFEhiplsm_installed" />
<extend_definition comment="McAfee HBSS" definition_ref="install_mcafee_hbss_pa" />
</criteria>
</definition>