This needs to be a Rule since it would be part of a STIG profile (even
though its check may be entirely manual for now (eventually OCIL).
On 08/07/2012 09:54 AM, Willy Santos wrote:
Mapped antivirus group to CCI-1668 and removed mapping from
impractical_product. Related ticket #84.
Signed-off-by: Willy Santos <wsantos(a)redhat.com>
---
RHEL6/input/auxiliary/srg_support.xml | 2 +-
RHEL6/input/system/software/integrity.xml | 14 ++++++++++++++
2 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/RHEL6/input/auxiliary/srg_support.xml
b/RHEL6/input/auxiliary/srg_support.xml
index 30da624..d04e823 100644
--- a/RHEL6/input/auxiliary/srg_support.xml
+++ b/RHEL6/input/auxiliary/srg_support.xml
@@ -30,7 +30,7 @@ The requirement is impractical or out of scope.
The product does not meet this requirement.
The requirement is impractical or out of scope.
</description>
-<ref disa="28,29,30,32,24,1695,1169,1170,1239,1662,1668,1395,553" />
+<ref disa="28,29,30,32,24,1695,1169,1170,1239,1662,1395,553" />
</Group> <!-- end unmet_impractical_product -->
<Group id="requirement_unclear">
diff --git a/RHEL6/input/system/software/integrity.xml
b/RHEL6/input/system/software/integrity.xml
index a5ec1bc..702bb0f 100644
--- a/RHEL6/input/system/software/integrity.xml
+++ b/RHEL6/input/system/software/integrity.xml
@@ -178,4 +178,18 @@ on the system.</rationale>
</Group>
+<Group id="antivirus">
+<title>Virus Scanning</title>
+<description>Virus scanning software should be used to protect a system from
penetration from
+computer viruses and to limit their spread through intermediate systems. The virus
scanning
+software should be configured to perform scans dynamically on accessed files. If this
capability
+is not available, the system should be configured to scan, at a minimum, all altered
files on
+the system on a daily basis.
+<br /><br />
+Virus signature definition files should be updated frequently. It is recommended that
definition
+files be updated at least every 7 days.
+</description>
+<ref disa="1668"/>
+</Group>
+
</Group>