From a76930c35acc3eea8e8c76f048db99034962d4e2 Mon Sep 17 00:00:00 2001 From: Eduardo Barretto Date: Mon, 27 Sep 2021 13:35:09 +0200 Subject: [PATCH 1/2] Make package_mcafeetp_installed work on Ubuntu --- .../package_mcafeetp_installed/rule.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml index 095b6ab02d5..6159a69ed74 100644 --- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml @@ -1,6 +1,12 @@ +{{% if 'ubuntu' in product %}} +{{% set pkg='mfetp' %}} +{{% else %}} +{{% set pkg='mcafeetp' %}} +{{% endif %}} + documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: ol7,ol8,rhel7,rhel8,ubuntu2004 title: 'Install McAfee Endpoint Security for Linux (ENSL)' @@ -9,7 +15,7 @@ description: |- which is provided for DoD systems and uses signatures to search for the presence of viruses on the filesystem. - {{{ describe_package_install(package="mcafeetp") }}} + {{{ describe_package_install(package=pkg) }}} rationale: |- Virus scanning software can be used to detect if a system has been compromised by @@ -25,12 +31,14 @@ references: disa: CCI-001233 nist: SI-2(2) srg: SRG-OS-000191-GPOS-00080 + stigid@ol7: OL07-00-020019 stigid@rhel7: RHEL-07-020019 stigid@rhel8: RHEL-08-010001 + stigid@ubuntu2004: UBTU-20-010415 ocil_clause: 'the package is not installed' -ocil: '{{{ ocil_package(package="mcafeetp") }}}' +ocil: '{{{ ocil_package(package=pkg) }}}' warnings: - general: |- @@ -41,7 +49,7 @@ warnings: template: name: package_installed vars: - pkgname: mcafeetp + pkgname: {{{ pkg }}} backends: bash: "off" ansible: "off" From 7674ec00ff042551bd9469c2aa07bd79ce320933 Mon Sep 17 00:00:00 2001 From: Eduardo Barretto Date: Mon, 27 Sep 2021 13:35:34 +0200 Subject: [PATCH 2/2] Add package_mcafeetp_installed to Ubuntu 20.04 STIG Profile --- products/ubuntu2004/profiles/stig.profile | 1 + 1 file changed, 1 insertion(+) diff --git a/products/ubuntu2004/profiles/stig.profile b/products/ubuntu2004/profiles/stig.profile index 90002996d06..a44039adf3d 100644 --- a/products/ubuntu2004/profiles/stig.profile +++ b/products/ubuntu2004/profiles/stig.profile @@ -442,6 +442,7 @@ selections: - encrypt_partitions # UBTU-20-010415 The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP). + - package_mcafeetp_installed # UBTU-20-010416 The Ubuntu operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. - permissions_local_var_log