update STIG antivirus language

[shawndwells]

DISA STIG updated its language to be less specific about antivirus. Updating our language to match.

• Updates XCCDF for generic language to match DISA;
• Removes OVAL, since we can't match for all possible A/V conditions;
• Removes rule from OSPP and other Red Hat controlled profiles

--- edit ---
Thanks to Bruce Benson for raising awareness of this!

[shawndwells]

DISA language:

<Group id="V-72213"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-86837r3_rule" severity="high" weight="10.0"><version>RHEL-07-032000</version><title>The Red Hat Enterprise Linux operating system must use a virus scan program.</title><description>&lt;VulnDiscussion&gt;Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems.  

The virus scanning software should be configured to perform scans dynamically on accessed files. If this capability is not available, the system must be configured to scan, at a minimum, all altered files on the system on a daily basis.

If the system processes inbound SMTP mail, the virus scanner must be configured to scan all received mail.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat 7</dc:subject><dc:identifier>2777</dc:identifier></reference><ident system="http://iase.disa.mil/cci">CCI-001668</ident><fixtext fixref="F-78567r2_fix">Install an antivirus solution on the system.</fixtext><fix id="F-78567r2_fix" /><check system="C-72447r3_chk"><check-content-ref name="M" href="DPMS_XCCDF_Benchmark_RHEL_7_STIG.xml" /><check-content>Verify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution.

If there is no anti-virus solution installed on the system, this is a finding.</check-content></check></Rule></Group>

[redhatrises]

Sorry but NACK to the McAfee Rule and OVAL changes. Changes need to be install_antivirus/rule.yml instead.

[shawndwells]

On May 10, 2019, at 9:51 PM, Gabe Alford ***@***.***> wrote: Sorry but NACK to the McAfee Rule and OVAL changes. Changes need to be install_antivirus/rule.yml instead.

Hmm, ok. Will take a look next week. If that’s the case, then our SRG mappings are wrong and need to be reviewed.

…

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[scrutinizer-notifier]

The inspection completed: No new issues

[matejak]

How is this PR? I see that

• The rule install_mcafee_antivirus was rewritten to be generic (i.e. not McAffee-specific).
• No OVAL has been touched, which seems to contradict the PR description.
• SRG mappings are mentioned, are they handled in the commit that followed?

[adelton]

Could you please rebase on the latest master?

[redhatrises]

Closing in favor of #4745