UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Oracle Linux operating system must have a host-based intrusion detection tool installed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-221706 OL07-00-020019 SV-221706r603260_rule Medium
Description
Adding host-based intrusion detection tools can provide the capability to take actions automatically in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools often include a reporting capability to provide network awareness of the system, which may not otherwise exist in an organization's systems management regime. Satisfies: SRG-OS-000191-GPOS-00080, SRG-OS-000196
STIG Date
Oracle Linux 7 Security Technical Implementation Guide 2020-12-08

Details

Check Text ( C-23421r419190_chk )
Consult with the SA or ISSO to determine if a host-based intrusion detection application is loaded on the system. Per OPORD 16-0080, the preferred intrusion detection system is McAfee HBSS available through the U.S. Cyber Command (USCYBERCOM).

If another host-based intrusion detection application is in use, such as SELinux, this must be documented and approved by the local Authorizing Official.

Procedure:
Examine the system to determine if the Host Intrusion Prevention System (HIPS) is installed:

# rpm -qa | grep MFEhiplsm

Verify the McAfee HIPS module is active on the system:

# ps -ef | grep -i "hipclient"

If the MFEhiplsm package is not installed, check for another intrusion detection system:

# find / -name

Where is the name of the primary application daemon to determine if the application is loaded on the system.

Determine if the application is active on the system:

# ps -ef | grep -i

If the MFEhiplsm package is not installed and an alternate host-based intrusion detection application has not been documented for use, this is a finding.

If no host-based intrusion detection system is installed and running on the system, this is a finding.
Fix Text (F-23410r419191_fix)
Install and enable the latest McAfee HIPS package, available from USCYBERCOM.

Note: If the system does not support the McAfee HIPS package, install and enable a supported intrusion detection system application and document its use with the Authorizing Official.