Skip to content

Install the Host Intrusion Prevention System (HIPS) Module

An XCCDF Rule

Description

Install the McAfee Host Intrusion Prevention System (HIPS) Module if it is absolutely necessary. If SELinux is enabled, do not install or enable this module.

warning alert: Warning

Due to McAfee HIPS being 3rd party software, automated remediation is not available for this configuration check.

warning alert: Functionality Warning

Installing and enabling this module conflicts with SELinux. Per DoD/DISA guidance, SELinux takes precedence over this module.

Rationale

Without a host-based intrusion detection tool, there is no system-level defense when an intruder gains access to a system or network. Additionally, a host-based intrusion prevention tool can provide methods to immediately lock out detected intrusion attempts.

ID
xccdf_org.ssgproject.content_rule_package_MFEhiplsm_installed
Severity
Medium
References
Updated