Check: GEN006480
SUSE Linux Enterprise Server v11 for System z STIG:
GEN006480
(in versions v1 r12 through v1 r9)
Title
The system must have a host-based intrusion detection tool installed. (Cat II impact)
Discussion
Without a host-based intrusion detection tool, there is no system-level defense when an intruder gains access to a system or network. Additionally, a host-based intrusion detection tool can provide methods to immediately lock out detected intrusion attempts.
Check Content
Ask the SA or IAO if a host-based intrusion detection application is loaded on the system. The preferred intrusion detection system is McAfee HBSS available through Cybercom. If another host-based intrusion detection application, such as SELinux, is used on the system, this is not a finding. Procedure: Examine the system to see if the Host Intrusion Prevention System (HIPS) is installed #rpm -qa | grep MFEhiplsm If the MFEhiplsm package is installed, HBSS is being used on the system. If another host-based intrusion detection system is loaded on the system # find / -name <daemon name> Where <daemon name> is the name of the primary application daemon to determine if the application is loaded on the system. Determine if the application is active on the system. Procedure: # ps -ef | grep <daemon name> If no host-based intrusion detection system is installed on the system, this is a finding.
Fix Text
Install a host-based intrusion detection tool.
Additional Identifiers
Rule ID: SV-45912r2_rule
Vulnerability ID: V-782
Group Title: GEN006480
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001259 |
The organization interconnects and configures individual intrusion detection tools into a systemwide intrusion detection system using common protocols. |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check |