Oracle Linux 6 STIG Version Comparison
Oracle Linux 6 Security Technical Implementation Guide
Comparison
There are 2 differences between versions v2 r3 (April 23, 2021) (the "left" version) and v2 r5 (Oct. 27, 2021) (the "right" version).
Check OL6-00-000285 was changed between these two versions.
Text Differences
Title
Left (v2 r3): The Oracle Linux operating system must have a host-based intrusion detection tool installed.
Right (v2 r5): The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool.
Check Content
Left (v2 r3):
Ask the SA or ISSO if a host-based intrusion detection application is loaded on the system. Per OPORD 16-0080 the preferred intrusion detection system is McAfee HBSS available through Cybercom. If another host-based intrusion detection application is in use, such as SELinux, this must be documented and approved by the local Authorizing Official.
Procedure: Examine the system to see if the Host Intrusion Prevention System (HIPS) is installed:
# rpm -qa | grep MFEhiplsm
Verify that the McAfee HIPS module is active on the system:
# ps -ef | grep -i "hipclient"
If the MFEhiplsm package is not installed, check for another intrusion detection system:
# find / -name <daemon name>
Where <daemon name> is the name of the primary application daemon to determine if the application is loaded on the system.
Determine if the application is active on the system:
# ps -ef | grep -i <daemon name>
If the MFEhiplsm package is not installed and an alternate host-based intrusion detection application has not been documented for use, this is a finding.
If no host-based intrusion detection system is installed and running on the system, this is a finding.

Right (v2 r5):
Ask the SA or ISSO if a host-based intrusion detection application is loaded on the system. Per OPORD 16-0080, the preferred endpoint security tool is McAfee Endpoint Security for Linux (ENSL) in conjunction with SELinux.
Procedure: Check that the following package has been installed:
# rpm -qa | grep -i mcafeetp
If the "mcafeetp" package is not installed, this is a finding.
Verify that the daemon is running:
# ps -ef | grep -i mfetpd
If the daemon is not running, this is a finding.
Discussion
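Left (v2 r3): Adding host-based intrusion detection tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of system, which may not otherwise exist in an organization's systems management regime.
Right (v2 r5): Adding endpoint security tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of system, which may not otherwise exist in an organization's systems management regime.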
Fix
Left (v2 r3): Install and enable the latest McAfee HIPS package, available from Cybercom. If the system does not support the McAfee HIPS package, install and enable a supported intrusion detection system application and document its use with the Authorizing Official.
Right (v2 r5): Install and enable the latest McAfee ENSLTP package.
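
The v2 r5 check written as a script, added here as an example and not part of the STIG text. It applies the two "this is a finding" conditions and ignores the grep process that "ps -ef | grep -i mfetpd" lists even when the daemon is stopped. The function names, sample package version and sample daemon path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not STIG text): evaluate the v2 r5 check for OL6-00-000285.
# Each function takes command output as text, so the logic can be tested
# offline; on a live host pass "$(rpm -qa)" and "$(ps -ef)".

# Constructed sample data (package version and daemon path are made up).
SAMPLE_RPM='bash-4.1.2-48.el6.x86_64
McAfeeTP-0.0.0-1.x86_64'
SAMPLE_PS_UP='UID PID PPID C STIME TTY TIME CMD
root 2211 1 0 09:14 ? 00:00:07 /opt/example/bin/mfetpd
root 3050 2990 0 09:20 pts/0 00:00:00 grep -i mfetpd'
SAMPLE_PS_DOWN='UID PID PPID C STIME TTY TIME CMD
root 3050 2990 0 09:20 pts/0 00:00:00 grep -i mfetpd'

# True if any installed package name contains "mcafeetp" (case-insensitive).
pkg_installed() {
    printf '%s\n' "$1" | grep -qi 'mcafeetp'
}

# True if a process other than grep itself has "mfetpd" in its command line.
# Plain "ps -ef | grep -i mfetpd" also lists the grep process, so a stopped
# daemon can still produce output; field 8 of ps -ef is the executable.
daemon_running() {
    printf '%s\n' "$1" | awk '
        NR == 1 { next }                       # skip the ps header
        { exe = $8; sub(/.*\//, "", exe) }     # basename of the executable
        exe == "grep" { next }                 # ignore the grep self-match
        { cmd = ""; for (i = 8; i <= NF; i++) cmd = cmd " " $i }
        tolower(cmd) ~ /mfetpd/ { found = 1 }
        END { exit !found }'
}

# Prints the result; returns 0 for "not a finding", 1 for a finding.
evaluate() {
    if ! pkg_installed "$1"; then
        echo 'FINDING: "mcafeetp" package is not installed'; return 1
    fi
    if ! daemon_running "$2"; then
        echo 'FINDING: mfetpd daemon is not running'; return 1
    fi
    echo 'NOT A FINDING'
}
```

On a host, run it as: evaluate "$(rpm -qa)" "$(ps -ef)".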