The system must have a host-based intrusion detection tool installed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-782	GEN006480	SV-35141r1_rule	ECID-1	Medium

Description
Without a host-based intrusion detection tool, there is no system-level defense when an intruder gains access to a system or network. Additionally, a host-based intrusion detection tool can provide methods to immediately lock out detected intrusion attempts.

STIG	Date
HP-UX 11.31 Security Technical Implementation Guide	2017-05-19

Details

Check Text ( C-34998r1_chk )
A few applications providing host-based network intrusion protection are: - Dragon Squire by Enterasys Networks - ITA by Symantec - Hostsentry by Psionic Software - Logcheck by Psionic Software - RealSecure agent by ISS - Swatch by Stanford University Ask the SA or IAO if a host-based intrusion detection application is loaded on the system (where is the name of the primary application daemon) to determine if the application is loaded on the system. # find / -name \| xargs -n1 ls -lL Determine if the application is active on the system. # ps -ef \| grep If no host-based intrusion detection system is installed on the system, this is a finding.

Check Text ( C-34998r1_chk )

A few applications providing host-based network intrusion protection are:

- Dragon Squire by Enterasys Networks
- ITA by Symantec
- Hostsentry by Psionic Software
- Logcheck by Psionic Software
- RealSecure agent by ISS
- Swatch by Stanford University

Ask the SA or IAO if a host-based intrusion detection application is loaded on the system (where is the name of the primary application daemon) to determine if the application is loaded on the system.

# find / -name | xargs -n1 ls -lL

Determine if the application is active on the system.
# ps -ef | grep

If no host-based intrusion detection system is installed on the system, this is a finding.

Fix Text (F-32105r1_fix)
Install a host-based intrusion detection tool.