Title

(U//FOUO) The HIP policy must include the signature for Accessing other users home directory (signature 6053). (Cat II impact)

Discussion

Check Content

(U//FOUO) This check should be completed on all client systems. From the ePO server console, select Menu > Systems > System Tree. Select the asset to be checked, then select "Assigned Policies", followed by "Host Intrusion Prevention 8:IPS" from the product list. From the "IPS Rules" category, select the "View Effective Policy" hyperlink. Select the "Signatures" tab. Verify the signature of “Accessing other users home directory” is present. In addition to the signature being present, the “Severity level” must be set to “High”, “Log status” must be set to "Enable logging", and the “Allow creation of client rules” setting must be disabled. If the signature is not present or the properties are set incorrectly, this is a finding. Note: If H36400 is a finding, this is check should also be considered a finding.

Fix Text

(U//FOUO) Install the "Accessing other users home directory" signature and set it as follows: “Severity level” set to “High”, “Log status” set to "Enable logging", and the “Allow creation of client rules” setting is disabled.

Additional Identifiers

Rule ID: SV-55944r2_rule

Vulnerability ID: V-43199

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.