UCF STIG Viewer Logo

The system must have a host-based intrusion detection tool installed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38667 RHEL-06-000285 SV-50468r2_rule Medium
Description
Adding host-based intrusion detection tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of system, which may not otherwise exist in an organization's systems management regime.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2015-05-26

Details

Check Text ( C-46227r1_chk )
Inspect the system to determine if intrusion detection software has been installed. Verify the intrusion detection software is active.
If no host-based intrusion detection tools are installed, this is a finding.
Fix Text (F-43616r2_fix)
The base Red Hat platform already includes a sophisticated auditing system that can detect intruder activity, as well as SELinux, which provides host-based intrusion prevention capabilities by confining privileged programs and user sessions which may become compromised.

In DoD environments, supplemental intrusion detection tools, such as, the McAfee Host-based Security System, are available to integrate with existing infrastructure. When these supplemental tools interfere with the proper functioning of SELinux, SELinux takes precedence.