Check: GEN006480
Solaris 10 X86 STIG:
GEN006480
(in versions v2 r4 through v1 r17)
Title
The system must have a host-based intrusion detection tool installed. (Cat II impact)
Discussion
Without a host-based intrusion detection tool, there is no system-level defense when an intruder gains access to a system or network. Additionally, a host-based intrusion detection tool can provide methods to immediately lock out detected intrusion attempts.
Check Content
Ask the SA or IAO if a host-based intrusion detection application is loaded on the system. Determine if the application is loaded on the system. Procedure: # find / -name <daemon name> -print Determine if the application is active on the system. Procedure: # ps -ef | grep <daemon name> If no host-based intrusion detection system is installed on the system, this is a finding.
Fix Text
Install a host-based intrusion detection tool.
Additional Identifiers
Rule ID: SV-227952r603266_rule
Vulnerability ID: V-227952
Group Title: SRG-OS-000191
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001233 |
The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation. |
Controls
Number | Title |
---|---|
SI-2 (2) |
Automated Flaw Remediation Status |