From 4ca9d995da2f74f8166154224092e8ed28baac4e Mon Sep 17 00:00:00 2001
From: Bob Gendler
Date: Mon, 25 Mar 2024 12:01:57 -0400
Subject: [PATCH] refactor[rules] os_anti_virus_installed and timed Removed auto remediation since it cannot occur if SIP is enabled. Added a note about SIP.
---
 rules/os/os_anti_virus_installed.yaml | 4 +++-
 rules/os/os_time_server_enabled.yaml | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/rules/os/os_anti_virus_installed.yaml b/rules/os/os_anti_virus_installed.yaml
index 2a2d3357..3b147fdd 100644
--- a/rules/os/os_anti_virus_installed.yaml
+++ b/rules/os/os_anti_virus_installed.yaml
@@ -9,11 +9,13 @@ check: |
 result:
 integer: 2
 fix: |
- [source,bash]
+ [source,shell]
 ----
 /bin/launchctl load -w /Library/Apple/System/Library/LaunchDaemons/com.apple.XProtect.daemon.scan.plist
 /bin/launchctl load -w /Library/Apple/System/Library/LaunchDaemons/com.apple.XprotectFramework.PluginService.plist
 ----
+
+ NOTE: These services cannot be unloaded or loaded while System Integrity Protection (SIP) is enabled.
 references:
 cce:
 - CCE-92758-2
diff --git a/rules/os/os_time_server_enabled.yaml b/rules/os/os_time_server_enabled.yaml
index f6a9a0d6..af5c37e4 100644
--- a/rules/os/os_time_server_enabled.yaml
+++ b/rules/os/os_time_server_enabled.yaml
@@ -9,10 +9,12 @@ check: |
 result:
 integer: 1
 fix: |
- [source,bash]
+ [source,shell]
 ----
 /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.timed.plist
 ----
+
+ NOTE: The service `timed` cannot be unloaded or loaded while System Integrity Protection (SIP) is enabled.
 references:
 cce:
 - CCE-92916-6
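Review bot: The `fix` text in both hunks (os_anti_virus_installed.yaml and os_time_server_enabled.yaml) still presents the `launchctl load -w` commands as the remedy, while the added NOTE says they cannot take effect with SIP enabled, so a reader whose check fails has no usable next step. Since the NOTE also says the services cannot be unloaded under SIP, a failing check probably means SIP is disabled or the system has been altered, and the NOTE could point there, e.g. `NOTE: If this check fails, confirm SIP with /usr/bin/csrutil status; these services cannot be unloaded or loaded while System Integrity Protection (SIP) is enabled.` Judging by the commit message, the `[source,bash]` to `[source,shell]` switch is what removes the auto remediation, but nothing in either file says the tag is load-bearing. A one-line YAML comment above `fix:` (if the rule loader tolerates comments) would keep a later edit from re-enabling it by accident.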