Install Intrusion Detection Software

An XCCDF Rule

Description

The base Oracle Linux 8 platform already includes a sophisticated auditing system that can detect intruder activity, as well as SELinux, which provides host-based intrusion prevention capabilities by confining privileged programs and user sessions which may become compromised.

warning alert: Warning

In DoD environments, supplemental intrusion detection and antivirus tools, such as the McAfee Host-based Security System, are available to integrate with existing infrastructure. Per DISA guidance, when these supplemental tools interfere with proper functioning of SELinux, SELinux takes precedence. Should further clarification be required, DISA contact information is published publicly at https://public.cyber.mil/stigs/

Rationale

Host-based intrusion detection tools provide a system-level defense when an intruder gains access to a system or network.

ID: xccdf_org.ssgproject.content_rule_install_hids
Severity: High
References: 1 12 13 14 15 16 18 7 8 9

APO01.06 APO13.01 DSS01.03 DSS01.05 DSS03.05 DSS05.02 DSS05.04 DSS05.07 DSS06.02

CCI-001263

4.3.3.4

SR 3.1 SR 3.5 SR 3.8 SR 4.1 SR 4.3 SR 5.1 SR 5.2 SR 5.3 SR 6.2 SR 7.1 SR 7.6

A.10.1.1 A.11.1.4 A.11.1.5 A.11.2.1 A.13.1.1 A.13.1.3 A.13.2.1 A.13.2.3 A.13.2.4 A.14.1.2 A.14.1.3 A.6.1.2 A.7.1.1 A.7.1.2 A.7.3.1 A.8.2.2 A.8.2.3 A.9.1.1 A.9.1.2 A.9.2.3 A.9.4.1 A.9.4.4 A.9.4.5

CM-6(a)

DE.CM-1 PR.AC-5 PR.DS-5 PR.PT-4

Req-11.4
Updated: about 1 year ago