Title

The system must have a host-based intrusion detection tool installed. (Cat II impact)

Discussion

Without a host-based intrusion detection tool, there is no system-level defense when an intruder gains access to a system or network. Additionally, a host-based intrusion detection tool can provide methods to immediately lock out detected intrusion attempts.

Check Content

A few applications providing host-based network intrusion protection are: - Dragon Squire by Enterasys Networks - ITA by Symantec - Hostsentry by Psionic Software - Logcheck by Psionic Software - RealSecure agent by ISS - Swatch by Stanford University Ask the SA or IAO if a host-based intrusion detection application is loaded on the system (where <daemon name> is the name of the primary application daemon) to determine if the application is loaded on the system. # find / -name <daemon> | xargs -n1 ls -lL Determine if the application is active on the system. # ps -ef | grep <daemon name> If no host-based intrusion detection system is installed on the system, this is a finding.

Fix Text

Install a host-based intrusion detection tool.

Additional Identifiers

Rule ID: SV-35141r1_rule

Vulnerability ID: V-782

Group Title: GEN006480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.