1.11 Ensure host-based intrusion detection tool is used - MFEhiplsm process

Information

The operating system must have a host-based intrusion detection tool installed.

Rationale:

Adding host-based intrusion detection tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of the system, which may not otherwise exist in an organization's systems management regime.

Solution

Install and enable the latest McAfee HIPS package, available from USCYBERCOM.
Note: If the system does not support the McAfee HIPS package, install and enable a supported intrusion detection system application and document its use with the Authorizing Official.

Notes:

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019



Vul ID: V-92255

Rule ID: SV-102357r1_rule

STIG ID: RHEL-07-020019

Severity: CAT II

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8.1

Plugin: Unix

Control ID: d7e8c7faafbb0c43ca85d4e04913051ce2bd56cf5b8bf22c54a431cb718ba7af