The system must have a host-based intrusion detection tool installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-50875 | OL6-00-000285 | SV-65081r2_rule | Medium |
| Description |
|---|
| Adding host-based intrusion detection tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of system, which may not otherwise exist in an organization's systems management regime. |
| STIG | Date |
|---|---|
| Oracle Linux 6 Security Technical Implementation Guide | 2016-06-05 |
Details
| Check Text ( C-53347r1_chk ) |
|---|
| Inspect the system to determine if intrusion detection software has been installed. Verify the intrusion detection software is active. If no host-based intrusion detection tools are installed, this is a finding. |
| Fix Text (F-55669r2_fix) |
|---|
| The operating system already includes a sophisticated auditing system that can detect intruder activity, as well as SELinux, which provides host-based intrusion prevention capabilities by confining privileged programs and user sessions which may become compromised. In DoD environments, supplemental intrusion detection tools, such as, the McAfee Host-based Security System, are available to integrate with existing infrastructure. When these supplemental tools interfere with the proper functioning of SELinux, SELinux takes precedence. |