The SUSE operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP).


Overview

Finding ID   Version          Rule ID                  IA Controls   Severity
V-234801     SLES-15-010001   SV-234801r622137_rule                  Medium
Description
Adding host-based intrusion detection tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of the system, which may not otherwise exist in an organization's systems management regime.
STIG: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide
Date: 2021-03-04

Details

Check Text (C-37989r618672_chk)
Per OPORD 16-0080, the preferred intrusion detection system is McAfee Host Intrusion Prevention System (HIPS) in conjunction with SELinux. McAfee Endpoint Security for Linux (ENSL) is an approved alternative to McAfee Virus Scan Enterprise (VSE) and HIPS.

Procedure:
Verify the SUSE operating system deploys ENSLTP.

Check that the following package has been installed:

# rpm -qa | grep isectp

If the "isectp" package is not installed, this is a finding.

Verify that the daemon is running:

# ps -ef | grep -i "isectpd"

If the daemon is not running, this is a finding.
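The two checks above combined into one script, as an added example that is not part of the STIG check text or of any McAfee tooling. It takes the package name "isectp" and the daemon name "isectpd" from the check text; the sample rpm -qa and ps -ef listings, including the install path under /opt/McAfee, are constructed for the example. It also avoids a pitfall of the manual check: the grep process in "ps -ef | grep -i isectpd" itself contains the string, so the listing is never empty even when the daemon is down, and an assessor reading it quickly can miss a finding. The script therefore matches the daemon name only in the command column of ps -ef.

```shell
#!/bin/sh
# Added example for SLES-15-010001 (not part of the STIG or of McAfee ENSL).
# Exit status 0 means both checks pass; 1 means at least one finding.

# Returns 0 if the package list on stdin-style input $1 (one package per
# line, as printed by `rpm -qa`) contains the isectp package. The anchor
# avoids matching unrelated packages whose name merely contains "isectp".
pkg_installed() {
    printf '%s\n' "$1" | grep -q '^isectp'
}

# Returns 0 if a process whose command (8th column of `ps -ef`) is isectpd,
# with or without a leading path, appears in listing $1. Only the command
# column is tested, so a "grep -i isectpd" line does not count as a hit.
daemon_running() {
    printf '%s\n' "$1" | awk '
        $8 ~ /(^|\/)isectpd$/ { found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# Runs both checks against the live system and reports STIG-style results.
check_ensltp() {
    status=0
    if pkg_installed "$(rpm -qa 2>/dev/null)"; then
        echo "PASS:    isectp package is installed"
    else
        echo "FINDING: isectp package is not installed"
        status=1
    fi
    if daemon_running "$(ps -ef 2>/dev/null)"; then
        echo "PASS:    isectpd daemon is running"
    else
        echo "FINDING: isectpd daemon is not running"
        status=1
    fi
    return $status
}

# Constructed sample listings (package versions and install path are made up)
# so the helpers can be exercised on a machine without ENSL installed.
SAMPLE_RPM_OK='glibc-2.31-150300.20.7.x86_64
isectp-10.7.5-1234.x86_64
openssh-8.4p1-150300.3.15.1.x86_64'
SAMPLE_RPM_MISSING='glibc-2.31-150300.20.7.x86_64
openssh-8.4p1-150300.3.15.1.x86_64'

SAMPLE_PS_OK='UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:12 ?        00:00:03 /usr/lib/systemd/systemd
root      1432     1  0 09:13 ?        00:00:07 /opt/McAfee/ens/tp/bin/isectpd
root      2044  1990  0 09:30 pts/0    00:00:00 grep -i isectpd'
# Daemon absent; only the assessor's own grep mentions isectpd.
SAMPLE_PS_MISSING='UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:12 ?        00:00:03 /usr/lib/systemd/systemd
root      2044  1990  0 09:30 pts/0    00:00:00 grep -i isectpd'

# Live check against the host; its status becomes the script's exit status.
check_ensltp
```

Run it as root on the host being assessed; a non-zero exit status means the rule is a finding. The constructed SAMPLE_PS_MISSING listing shows why the command-column match matters: a plain grep for "isectpd" still prints one line there, but daemon_running correctly returns 1.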
Fix Text (F-37952r618673_fix)
Install and enable the latest McAfee ENSLTP.