UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must have a host-based intrusion detection tool installed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38667 RHEL-06-000285 SV-50468r1_rule Medium
Description
Adding host-based intrusion detection tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of system, which may not otherwise exist in an organization's systems management regime.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2013-06-03

Details

Check Text ( C-46227r1_chk )
Inspect the system to determine if intrusion detection software has been installed. Verify the intrusion detection software is active.
If no host-based intrusion detection tools are installed, this is a finding.
Fix Text (F-43616r1_fix)
The base Red Hat platform already includes a sophisticated auditing system that can detect intruder activity, as well as SELinux, which provides host-based intrusion prevention capabilities by confining privileged programs and user sessions which may become compromised.

Install an additional intrusion detection tool to provide complementary or duplicative monitoring, reporting, and reaction capabilities to those of the base platform. For DoD systems, the McAfee Host-based Security System is provided to fulfill this role.