The system must have a host-based intrusion detection tool installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-38667 | RHEL-06-000285 | SV-50468r1_rule | Medium |
| Description |
|---|
| Adding host-based intrusion detection tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of system, which may not otherwise exist in an organization's systems management regime. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2013-06-03 |
Details
| Check Text ( C-46227r1_chk ) |
|---|
| Inspect the system to determine if intrusion detection software has been installed. Verify the intrusion detection software is active. If no host-based intrusion detection tools are installed, this is a finding. |
| Fix Text (F-43616r1_fix) |
|---|
| The base Red Hat platform already includes a sophisticated auditing system that can detect intruder activity, as well as SELinux, which provides host-based intrusion prevention capabilities by confining privileged programs and user sessions which may become compromised. Install an additional intrusion detection tool to provide complementary or duplicative monitoring, reporting, and reaction capabilities to those of the base platform. For DoD systems, the McAfee Host-based Security System is provided to fulfill this role. |