Install Intrusion Detection Software
An XCCDF Rule
Description
The base Red Hat Enterprise Linux 9 platform already includes a sophisticated auditing system that can detect intruder activity, as well as SELinux, which provides host-based intrusion prevention capabilities by confining privileged programs and user sessions which may become compromised.
Warning
In DoD environments, supplemental intrusion detection and antivirus tools,
such as the McAfee Host-based Security System, are available to integrate with
existing infrastructure. Per DISA guidance, when these supplemental tools interfere
with proper functioning of SELinux, SELinux takes precedence. Should further
clarification be required, DISA contact information is published publicly at
https://public.cyber.mil/stigs/
Rationale
Host-based intrusion detection tools provide a system-level defense when an intruder gains access to a system or network.
- ID: xccdf_org.ssgproject.content_rule_install_hids
- Severity: High
- References
- Updated