Check: GEN006480
HP-UX 11.31 STIG:
GEN006480
(in versions v1 r19 through v1 r13)
Title
The system must have a host-based intrusion detection tool installed. (Cat II impact)
Discussion
Without a host-based intrusion detection tool, there is no system-level defense when an intruder gains access to a system or network. Additionally, a host-based intrusion detection tool can provide methods to immediately lock out detected intrusion attempts.
Check Content
A few applications providing host-based network intrusion protection are: - Dragon Squire by Enterasys Networks - ITA by Symantec - Hostsentry by Psionic Software - Logcheck by Psionic Software - RealSecure agent by ISS - Swatch by Stanford University Ask the SA or IAO if a host-based intrusion detection application is loaded on the system (where <daemon name> is the name of the primary application daemon) to determine if the application is loaded on the system. # find / -name <daemon> | xargs -n1 ls -lL Determine if the application is active on the system. # ps -ef | grep <daemon name> If no host-based intrusion detection system is installed on the system, this is a finding.
Fix Text
Install a host-based intrusion detection tool.
Additional Identifiers
Rule ID: SV-35141r1_rule
Vulnerability ID: V-782
Group Title: GEN006480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001259 |
The organization interconnects and configures individual intrusion detection tools into a systemwide intrusion detection system using common protocols. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |