From Oracle Linux 5 Security Technical Implementation Guide
Part of GEN006480
Associated with: CCI-001259
Adding host-based intrusion detection tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of system, which may not otherwise exist in an organization's systems management regime.
Ask the SA or ISSO if a host-based intrusion detection application is loaded on the system. Per OPORD 16-0080 the preferred intrusion detection system is McAfee HBSS available through Cybercom. If another host-based intrusion detection application is in use, such as SELinux, this must be documented and approved by the local Authorizing Official.
Procedure:
Examine the system to see if the Host Intrusion Prevention System (HIPS) is installed
# rpm -qa | grep MFEhiplsm
Verify that the McAfee HIPS module is active on the system.
# ps -ef | grep -i “hipclient”
If the MFEhiplsm package is not installed, check for another intrusion detection system:
# find / -name
Install and enable the latest McAfee HIPS package, available from Cybercom. If the system does not support the McAfee HIPS package, install and enable a supported intrusion detection system application and document its use with the Authorizing Official.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer